RUNDLL ERRORS

Arliia

New Member
Thread author
May 31, 2013
I think it is a regedit thing maybe... I am lost in that.

Attachments

  • OTL.Txt (105.6 KB)
  • AdwCleaner[R1].txt (1.2 KB)

Fiery

Level 1
Jan 11, 2011
Hi Arliia and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

I would like a different diagnostic on your PC.

Download Farbar Recovery Scan Tool from the below link:
  • For 64-bit systems, download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  1. Select Command Prompt.
  2. In the command window type in notepad and press Enter.
  3. Notepad opens. Under the File menu select Open.
  4. Select "Computer", find your flash drive letter, and then close Notepad.
  5. In the command window type e:\frst64 and press Enter.
     Note: Replace the letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens, click Yes to the disclaimer.
  8. Press the Scan button.
  9. FRST will let you know when the scan is complete and has written the FRST.txt file; close the message.
  10. Type exit.
  11. Please copy and paste FRST.txt in your next reply.

Arliia

New Member
Thread author
May 31, 2013
FRST report

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02
Ran by SYSTEM on 01-06-2013 22:41:38
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]
HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [12656 2012-06-18] (Alienware)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBRC.exe" [201608 2012-11-06] (GFI Software)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [165184 2011-09-22] (Softthinks)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKU\Ar\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\Ar\...\Run: [SoftThinks] rundll32 "C:\Users\Ar\AppData\Local\Microsoft Help\SoftThinks\wkhnzka.dll",DllRegisterServer [x]
HKU\Ar\...\Run: [Red 5 Studios] RUNDLL32.EXE "C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll",wtpmeppnraztwciltqturql [x]
HKU\Ar\...\Run: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] ()
HKU\Ar\...\Run: [TimeServer] "C:\Users\Ar\AppData\Roaming\Dell\WIN79D2.exe" [126976 2013-06-01] ()
HKU\Ar\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] ()
HKU\Ar\...\Winlogon: [Shell] explorer.exe
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File

==================== Services (Whitelisted) =================

S2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249128 2013-04-08] (Avanquest Software)
S2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [82816 2013-04-08] (Avanquest Software)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 Fix-It Task Manager; C:\PROGRA~2\AVANQU~1\Fix-It\MxTask.exe [537504 2013-04-08] (Avanquest Software)
S2 SBAMSvc; C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [86400 2013-04-08] (Avanquest Software North America)

==================== Drivers (Whitelisted) ====================

S3 AQFileRestore; C:\Windows\SysWow64\DRIVERS\AQFileRestore.sys [20496 2013-04-08] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-06-01] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-10-24] (Razer USA Ltd)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2012-10-24] (Razer USA Ltd)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-10-24] (Razer USA Ltd)
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 gfiark; system32\drivers\gfiark.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-01 22:41 - 2013-06-01 22:41 - 00000000 ____D C:\FRST
2013-06-01 19:57 - 2013-06-01 19:57 - 00001275 ____A C:\AdwCleaner[S2].txt
2013-06-01 12:03 - 2013-06-01 12:03 - 00001199 ____A C:\Users\Ar\Desktop\AdwCleaner[R1].txt
2013-06-01 12:02 - 2013-06-01 12:02 - 00001422 ____A C:\Users\Ar\Desktop\adwcleaner.exe - Shortcut.lnk
2013-06-01 12:02 - 2013-06-01 12:02 - 00001199 ____A C:\AdwCleaner[R1].txt
2013-06-01 11:53 - 2013-06-01 11:53 - 00108130 ____A C:\Users\Ar\Desktop\OTL.Txt
2013-06-01 10:25 - 2013-06-01 10:25 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-06-01 10:23 - 2013-06-01 10:23 - 00001408 ____A C:\Users\Clay\Desktop\HitmanPro_20130601_1023.log
2013-06-01 10:23 - 2013-06-01 10:23 - 00000356 ____A C:\Windows\System32\.crusader
2013-06-01 10:14 - 2013-06-01 10:14 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-01 10:13 - 2013-06-01 10:23 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-01 10:13 - 2013-06-01 10:23 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-06-01 10:11 - 2013-06-01 10:11 - 09818384 ____A (SurfRight B.V.) C:\Users\Clay\Desktop\HitmanPro_x64.exe
2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-06-01 03:02 - 2013-06-01 03:05 - 169354200 ____A C:\Users\Clay\Desktop\setup_11.0.0.1245.x01_2013_06_01_06_26.exe
2013-06-01 03:01 - 2013-06-01 03:01 - 00000255 ____A C:\Users\Clay\Desktop\est text.txt
2013-06-01 01:25 - 2013-06-01 01:25 - 02347384 ____A (ESET) C:\Users\Clay\Desktop\esetsmartinstaller_enu.exe
2013-06-01 01:25 - 2013-06-01 01:25 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-01 00:58 - 2013-06-01 00:58 - 00000000 ____D C:\Users\Clay\Desktop\mbar-1.06.0.1003
2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\My Documents\mbar-1.06.0.1003
2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\Documents\mbar-1.06.0.1003
2013-06-01 00:26 - 2013-06-01 00:26 - 00001496 ____A C:\Users\Clay\Desktop\JRT.txt
2013-06-01 00:23 - 2013-06-01 00:23 - 00000000 ____D C:\Windows\ERUNT
2013-06-01 00:22 - 2013-06-01 00:23 - 00000000 ____D C:\JRT
2013-06-01 00:22 - 2013-06-01 00:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Desktop\JRT.exe
2013-06-01 00:21 - 2013-06-01 00:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Downloads\JRT.exe
2013-06-01 00:16 - 2013-06-01 00:16 - 00001346 ____A C:\AdwCleaner[S1].txt
2013-06-01 00:15 - 2013-06-01 00:15 - 00632031 ____A C:\Users\Clay\Desktop\adwcleaner.exe
2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\Users\Clay\My Backup Files
2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\census.cache
2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\Application Data\census.cache
2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\AppData\Local\census.cache
2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\ars.cache
2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\Application Data\ars.cache
2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\AppData\Local\ars.cache
2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\housecall.guid.cache
2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\Application Data\housecall.guid.cache
2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\AppData\Local\housecall.guid.cache
2013-05-31 16:52 - 2012-06-05 02:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2013-05-31 16:50 - 2013-05-31 16:50 - 00000000 ____D C:\Users\Clay\Desktop\log
2013-05-31 15:28 - 2013-05-31 15:28 - 00000000 ____D C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 15:23 - 2013-06-01 00:02 - 00000004 ____A C:\Users\Ar\Application Data\skype.ini
2013-05-31 15:23 - 2013-06-01 00:02 - 00000004 ____A C:\Users\Ar\AppData\Roaming\skype.ini
2013-05-31 15:20 - 2013-05-31 15:20 - 00126976 ____A C:\Users\Ar\opera.exe
2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\teamviewer.exe
2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\skype.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\vlcplayer.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\icq.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\googleupdate.exe
2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\mstsc.exe
2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\msconfig.exe
2013-05-31 09:08 - 2013-06-01 21:00 - 00000318 ___AH C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvwgf2um.dll
2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvd3dum.dll
2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvapi.dll
2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\eEBUtil.dll
2013-05-28 22:44 - 2013-05-28 22:44 - 00232221 ____A C:\Users\Ar\Downloads\Wowhead_Client.zip
2013-05-25 14:26 - 2013-05-25 14:26 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\Application Data\Malwarebytes
2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Malwarebytes
2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 00:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\My Documents\AlienFX
2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\Documents\AlienFX
2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\Application Data\Adobe
2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Adobe
2013-05-20 10:35 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-20 10:35 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-20 10:35 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-20 10:35 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-20 10:34 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-20 10:34 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-20 10:34 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-20 10:34 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-20 10:34 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-20 10:34 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-20 10:34 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-20 10:34 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-20 10:34 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-20 10:34 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-20 10:34 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-20 10:34 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-20 10:34 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-20 10:34 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-20 10:34 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-20 10:34 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-20 10:34 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-20 10:34 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-20 10:34 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-20 10:34 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-20 10:34 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-20 10:34 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-20 10:34 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-20 10:34 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-20 10:34 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-20 10:34 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-20 10:34 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-20 10:34 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-20 10:33 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-20 10:33 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-20 10:33 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-20 10:33 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-20 10:33 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-20 10:33 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-20 10:33 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-20 10:33 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-20 10:33 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-20 10:33 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-20 10:33 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-20 10:33 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-20 10:33 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-20 10:33 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\Program Files\iTunes
2013-05-18 09:00 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iPod
2013-05-15 11:26 - 2013-05-15 11:28 - 00000000 ____D C:\Users\Ar\Desktop\Brittany's
2013-05-13 20:55 - 2012-11-06 11:20 - 00047496 ____N (GFI Software) C:\Windows\System32\sbbd.exe
2013-05-13 20:55 - 2012-02-09 12:58 - 00035000 ____A C:\Windows\System32\mxntdfg.exe

==================== One Month Modified Files and Folders =======

2013-06-01 22:41 - 2013-06-01 22:41 - 00000000 ____D C:\FRST
2013-06-01 21:37 - 2012-01-25 14:21 - 01079936 ____A C:\Windows\WindowsUpdate.log
2013-06-01 21:37 - 2009-07-13 23:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-01 21:37 - 2009-07-13 23:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-01 21:36 - 2012-01-25 21:45 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2013-06-01 21:32 - 2012-01-25 23:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-01 21:32 - 2012-01-25 23:41 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-06-01 21:32 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-01 21:32 - 2009-07-13 23:51 - 00053925 ____A C:\Windows\setupact.log
2013-06-01 21:30 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-01 21:00 - 2013-05-31 09:08 - 00000318 ___AH C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job
2013-06-01 20:47 - 2012-12-19 10:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 19:57 - 2013-06-01 19:57 - 00001275 ____A C:\AdwCleaner[S2].txt
2013-06-01 19:47 - 2013-04-18 14:05 - 00000000 ___HD C:\_Backup
2013-06-01 19:10 - 2012-08-20 17:06 - 00000000 ____D C:\Users\Ar\Application Data\Dell
2013-06-01 19:10 - 2012-08-20 17:06 - 00000000 ____D C:\Users\Ar\AppData\Roaming\Dell
2013-06-01 19:06 - 2012-01-26 17:17 - 00071772 ____A C:\Windows\PFRO.log
2013-06-01 18:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-01 12:03 - 2013-06-01 12:03 - 00001199 ____A C:\Users\Ar\Desktop\AdwCleaner[R1].txt
2013-06-01 12:02 - 2013-06-01 12:02 - 00001422 ____A C:\Users\Ar\Desktop\adwcleaner.exe - Shortcut.lnk
2013-06-01 12:02 - 2013-06-01 12:02 - 00001199 ____A C:\AdwCleaner[R1].txt
2013-06-01 11:53 - 2013-06-01 11:53 - 00108130 ____A C:\Users\Ar\Desktop\OTL.Txt
2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Apple Computer
2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\Local Settings\Apple Computer
2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\AppData\Local\Apple Computer
2013-06-01 10:25 - 2013-06-01 10:25 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-06-01 10:23 - 2013-06-01 10:23 - 00001408 ____A C:\Users\Clay\Desktop\HitmanPro_20130601_1023.log
2013-06-01 10:23 - 2013-06-01 10:23 - 00000356 ____A C:\Windows\System32\.crusader
2013-06-01 10:23 - 2013-06-01 10:13 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-01 10:23 - 2013-06-01 10:13 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-06-01 10:14 - 2013-06-01 10:14 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-01 10:11 - 2013-06-01 10:11 - 09818384 ____A (SurfRight B.V.) C:\Users\Clay\Desktop\HitmanPro_x64.exe
2013-06-01 04:05 - 2012-01-26 09:00 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-01 04:05 - 2012-01-26 09:00 - 00002515 ____A C:\ProgramData\Desktop\Skype.lnk
2013-06-01 04:05 - 2012-01-26 09:00 - 00000000 ____D C:\ProgramData\Skype
2013-06-01 04:05 - 2012-01-26 09:00 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\Local Settings\Red 5 Studios
2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Red 5 Studios
2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\AppData\Local\Red 5 Studios
2013-06-01 03:11 - 2012-01-25 12:51 - 00000000 ____D C:\users\Ar
2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-06-01 03:05 - 2013-06-01 03:02 - 169354200 ____A C:\Users\Clay\Desktop\setup_11.0.0.1245.x01_2013_06_01_06_26.exe
2013-06-01 03:01 - 2013-06-01 03:01 - 00000255 ____A C:\Users\Clay\Desktop\est text.txt
2013-06-01 01:25 - 2013-06-01 01:25 - 02347384 ____A (ESET) C:\Users\Clay\Desktop\esetsmartinstaller_enu.exe
2013-06-01 01:25 - 2013-06-01 01:25 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-01 00:58 - 2013-06-01 00:58 - 00000000 ____D C:\Users\Clay\Desktop\mbar-1.06.0.1003
2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\My Documents\mbar-1.06.0.1003
2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\Documents\mbar-1.06.0.1003
2013-06-01 00:26 - 2013-06-01 00:26 - 00001496 ____A C:\Users\Clay\Desktop\JRT.txt
2013-06-01 00:23 - 2013-06-01 00:23 - 00000000 ____D C:\Windows\ERUNT
2013-06-01 00:23 - 2013-06-01 00:22 - 00000000 ____D C:\JRT
2013-06-01 00:22 - 2013-06-01 00:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Desktop\JRT.exe
2013-06-01 00:21 - 2013-06-01 00:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Downloads\JRT.exe
2013-06-01 00:16 - 2013-06-01 00:16 - 00001346 ____A C:\AdwCleaner[S1].txt
2013-06-01 00:15 - 2013-06-01 00:15 - 00632031 ____A C:\Users\Clay\Desktop\adwcleaner.exe
2013-06-01 00:02 - 2013-05-31 15:23 - 00000004 ____A C:\Users\Ar\Application Data\skype.ini
2013-06-01 00:02 - 2013-05-31 15:23 - 00000004 ____A C:\Users\Ar\AppData\Roaming\skype.ini
2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\Users\Clay\My Backup Files
2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\Local Settings\SoftThinks
2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\Local Settings\Application Data\SoftThinks
2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\AppData\Local\SoftThinks
2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\users\Clay
2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\census.cache
2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\Application Data\census.cache
2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\AppData\Local\census.cache
2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\ars.cache
2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\Application Data\ars.cache
2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\AppData\Local\ars.cache
2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\housecall.guid.cache
2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\Application Data\housecall.guid.cache
2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\AppData\Local\housecall.guid.cache
2013-05-31 16:50 - 2013-05-31 16:50 - 00000000 ____D C:\Users\Clay\Desktop\log
2013-05-31 15:28 - 2013-05-31 15:28 - 00000000 ____D C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 15:20 - 2013-05-31 15:20 - 00126976 ____A C:\Users\Ar\opera.exe
2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\teamviewer.exe
2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\skype.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\vlcplayer.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\icq.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\googleupdate.exe
2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\mstsc.exe
2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\msconfig.exe
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\Local Settings\Deployment
2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Deployment
2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\AppData\Local\Deployment
2013-05-30 17:47 - 2012-01-26 09:00 - 00000000 ____D C:\Users\Ar\Application Data\Skype
2013-05-30 17:47 - 2012-01-26 09:00 - 00000000 ____D C:\Users\Ar\AppData\Roaming\Skype
2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\Local Settings\ars.cache
2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\Local Settings\Application Data\ars.cache
2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\AppData\Local\ars.cache
2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvwgf2um.dll
2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvd3dum.dll
2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvapi.dll
2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\eEBUtil.dll
2013-05-28 22:44 - 2013-05-28 22:44 - 00232221 ____A C:\Users\Ar\Downloads\Wowhead_Client.zip
2013-05-28 22:37 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-25 14:26 - 2013-05-25 14:26 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-25 14:26 - 2012-05-19 18:53 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-25 14:26 - 2012-05-19 18:53 - 00001845 ____A C:\ProgramData\Desktop\QuickTime Player.lnk
2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\Application Data\Malwarebytes
2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Malwarebytes
2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\My Documents\AlienFX
2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\Documents\AlienFX
2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\Application Data\Adobe
2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Adobe
2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\Local Settings\Microsoft Help
2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Microsoft Help
2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\AppData\Local\Microsoft Help
2013-05-23 23:04 - 2012-01-26 12:51 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-05-21 15:04 - 2012-08-20 17:06 - 00000000 ____D C:\Program Files\AlienAutopsy
2013-05-21 15:03 - 2012-08-20 17:06 - 00000000 ____D C:\ProgramData\PCDr
2013-05-21 15:03 - 2012-08-20 17:06 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-05-21 08:35 - 2012-05-14 16:33 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-05-20 12:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-05-20 11:32 - 2009-07-13 23:45 - 00327256 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-20 10:40 - 2012-10-18 21:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-20 10:40 - 2012-10-18 21:43 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-05-20 10:38 - 2012-01-26 17:00 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iTunes
2013-05-18 09:01 - 2012-09-15 14:49 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-18 09:01 - 2012-09-15 14:49 - 00001783 ____A C:\ProgramData\Desktop\iTunes.lnk
2013-05-18 09:01 - 2012-06-16 14:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-18 09:00 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iPod
2013-05-15 11:28 - 2013-05-15 11:26 - 00000000 ____D C:\Users\Ar\Desktop\Brittany's
2013-05-15 00:47 - 2012-04-04 12:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 00:47 - 2012-01-25 19:41 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-13 20:54 - 2012-01-25 21:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-10 08:16 - 2013-03-09 01:01 - 00000000 ____D C:\users\UpdatusUser.ARLENE
2013-05-05 16:36 - 2013-05-20 10:35 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 16:16 - 2013-05-20 10:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 14:25 - 2013-05-20 10:35 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 14:12 - 2013-05-20 10:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\Users\Ar\googleupdate.exe
C:\Users\Ar\icq.exe
C:\Users\Ar\msconfig.exe
C:\Users\Ar\mstsc.exe
C:\Users\Ar\opera.exe
C:\Users\Ar\skype.exe
C:\Users\Ar\teamviewer.exe
C:\Users\Ar\vlcplayer.exe
C:\Users\Ar\AppData\Roaming\skype.ini
C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-28 00:00:08
Restore point made on: 2013-05-31 19:43:24
Restore point made on: 2013-06-01 00:48:52
Restore point made on: 2013-06-01 10:47:20

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 9206.99 MB
Available physical RAM: 8379.63 MB
Total Pagefile: 9205.14 MB
Available Pagefile: 8369.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:925.23 GB) (Free:817.62 GB) NTFS (Disk=0 Partition=2)
Drive j: () (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT (Disk=1 Partition=1)
Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive l: (RECOVERY) (Fixed) (Total:6.18 GB) (Free:2.25 GB) NTFS (Disk=0 Partition=3)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6ECA5067)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=925 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 949 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=949 MB) - (Type=0E)


Last Boot: 2013-05-24 02:01

==================== End Of Log ============================
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Lots of malware still on your PC.

Open notepad and copy & paste the following:

HKU\Ar\...\Run: [SoftThinks] rundll32 "C:\Users\Ar\AppData\Local\Microsoft Help\SoftThinks\wkhnzka.dll",DllRegisterServer [x]
HKU\Ar\...\Run: [Red 5 Studios] RUNDLL32.EXE "C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll",wtpmeppnraztwciltqturql [x]
HKU\Ar\...\Run: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] ()
HKU\Ar\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] ()
HKU\Ar\...\Winlogon: [Shell] explorer.exe
2013-05-31 15:28 - 2013-05-31 15:28 - 00000000 ____D C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 15:23 - 2013-06-01 00:02 - 00000004 ____A C:\Users\Ar\Application Data\skype.ini
2013-05-31 15:23 - 2013-06-01 00:02 - 00000004 ____A C:\Users\Ar\AppData\Roaming\skype.ini
2013-05-31 15:20 - 2013-05-31 15:20 - 00126976 ____A C:\Users\Ar\opera.exe
2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\teamviewer.exe
2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\skype.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\vlcplayer.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\icq.exe
2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\googleupdate.exe
2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\mstsc.exe
2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\msconfig.exe
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad
2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Then boot normally, and Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt).

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click Delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
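To show how the entries in the fixlist above stand out from the rest of an FRST log, here is an added triage script (example code written for this page, not FRST's, OTL's or MalwareTips' own) that parses the Run/RunOnce and file-listing line shapes seen in this thread and flags the same patterns Fiery removed: rundll32 loading a DLL from a user-writable path, autostart targets that no longer exist ("[x]"), executables with no publisher info in GUID-named folders, and zero-byte lookalikes of well-known software dropped in the profile root. The trusted-directory list, the lookalike names and the regexes are assumptions taken from this thread's log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Directories an autostart entry is expected to point into; anything else is
# user-writable and worth a look (assumption: a Windows 7 x64 layout as in this thread).
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                "c:\\program files\\", "c:\\program files (x86)\\")
# Names of well-known software the dropper in this thread borrowed for files in C:\Users\Ar\.
LOOKALIKE_NAMES = {"googleupdate.exe", "icq.exe", "msconfig.exe", "mstsc.exe",
                   "opera.exe", "skype.exe", "teamviewer.exe", "vlcplayer.exe"}

# FRST line shapes as posted in this thread (regexes are this example's assumption).
RUN_LINE = re.compile(r"^(?P<key>HK\w+\\[^\\]+\\\.\.\.\\[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                       r"(?P<size>\d+) (?P<attr>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.*)$")
PATH_IN_CMD = re.compile(r'"([^"]+)"|(\S+\.(?:exe|dll))', re.I)
# GUID-style folder names are weak evidence on their own (legitimate installers use
# them too, e.g. the iTunes folder in this log), so they only add to another reason.
GUID_DIR = re.compile(r"\\[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12,}(?:\\|$)", re.I)
PROFILE_ROOT = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+$")  # file directly under C:\Users\<name>\


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def target_path(cmd: str) -> Optional[str]:
    """Launched file in a Run value: the quoted path, else the first token ending in .exe/.dll.
    The rundll32 host itself is skipped so the DLL it loads is what gets inspected."""
    body = re.sub(r"^rundll32(?:\.exe)?\s+", "", cmd, flags=re.I)
    m = PATH_IN_CMD.search(body)
    return (m.group(1) or m.group(2)) if m else None


def triage_run(cmd: str) -> List[str]:
    reasons = []
    path = target_path(cmd) or ""
    if cmd.lower().startswith("rundll32") and not path.lower().startswith(TRUSTED_DIRS):
        reasons.append("rundll32 loads a DLL from a user-writable location")
    if cmd.rstrip().endswith("[x]"):      # FRST marker: the referenced file is missing
        reasons.append("autostart target no longer exists on disk")
    if cmd.rstrip().endswith("()"):       # FRST marker: no company/version info in the PE
        reasons.append("executable carries no version/publisher information")
    if reasons and GUID_DIR.search(path):
        reasons.append("target lives in a GUID-named drop folder")
    return reasons


def triage_file(size: int, path: str) -> List[str]:
    reasons = []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if PROFILE_ROOT.match(low) and name in LOOKALIKE_NAMES:
        reasons.append("lookalike of well-known software dropped in the profile root")
    if size == 0 and name.endswith(".exe"):
        reasons.append("zero-byte executable (placeholder/decoy)")
    if reasons and GUID_DIR.search(low):
        reasons.append("target lives in a GUID-named drop folder")
    return reasons


def triage(log_lines) -> List[Finding]:
    """Run both classifiers over FRST log lines; lines of any other shape are ignored."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        rm, fm = RUN_LINE.match(line), FILE_LINE.match(line)
        if rm:
            reasons = triage_run(rm.group("cmd"))
        elif fm:
            reasons = triage_file(int(fm.group("size")), fm.group("path"))
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines copied from the FRST output posted in this thread.
SAMPLE_LOG = r"""
HKU\Ar\...\Run: [SoftThinks] rundll32 "C:\Users\Ar\AppData\Local\Microsoft Help\SoftThinks\wkhnzka.dll",DllRegisterServer [x]
HKU\Ar\...\Run: [Red 5 Studios] RUNDLL32.EXE "C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll",wtpmeppnraztwciltqturql [x]
HKU\Ar\...\Run: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] ()
HKU\Ar\...\Winlogon: [Shell] explorer.exe
2013-05-31 15:20 - 2013-05-31 15:20 - 00126976 ____A C:\Users\Ar\opera.exe
2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\skype.exe
2013-05-20 10:38 - 2012-01-26 17:00 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Malwarebytes
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

The Winlogon Shell line, MRT.exe and the Malwarebytes folder come out clean, which is the check a triager wants before building a fixlist: only lines with a concrete reason go in.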

Arliia

New Member
Thread author
Verified
May 31, 2013
17
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2013 02
Ran by SYSTEM at 2013-06-02 00:27:12 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Ar\Software\Microsoft\Windows\CurrentVersion\Run\\SoftThinks => Value deleted successfully.
HKEY_USERS\ Ar\Software\Microsoft\Windows\CurrentVersion\Run\\ Red 5 Studios => Value not found.
HKEY_USERS\ Ar\Software\Microsoft\Windows\CurrentVersion\Run\\ Adobe CSS5.1 Manager => Value not found.
HKEY_USERS\ Ar\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ Adobe CSS5.1 Manager => Value not found.
HKEY_USERS\ Ar\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.

========================= Folder: C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad ========================

2013-05-31 09:07 - 2013-05-31 09:07 - 0126976 ____A () C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe

====== End of Folder: ======

==== End of Fixlog ====



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.673000 GHz
Memory total: 9654226944, free: 7462510592

Downloaded database version: v2013.06.01.05
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
06/01/2013 19:36:20
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800a980060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xfffffa800a989750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800a981060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008f\
Lower Device Object: 0xfffffa800a97c950
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800a979060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008e\
Lower Device Object: 0xfffffa800961a660
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800a97f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xfffffa800a97bb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009975790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xfffffa8009978060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80089aa790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800874a1f0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80089aa790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80089aa2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80089aa790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008758520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800874a1f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6ECA5067

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1940348762

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1940555610 Numsec = 12964455

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009975790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009977040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009975790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009978060, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xe)
Partition is ACTIVE.
Partition starts at LBA: 8 Numsec = 1944279
Partition file system is FAT
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 995474944 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800a97f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a989040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a97f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a97bb60, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800a979060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a97fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a979060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800961a660, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800a981060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a979b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a981060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a97c950, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800a980060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a981b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a980060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a989750, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_8_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished



Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ar :: ARLENE [administrator]

6/1/2013 7:36:23 PM
mbar-log-2013-06-01 (19-36-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 306251
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

Arliia

New Member
Thread author
Verified
May 31, 2013
17
RK report

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ar [Admin rights]
Mode : Scan -- Date : 06/01/2013 19:55:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] WIN79D2.exe -- C:\Users\Ar\AppData\Roaming\Dell\WIN79D2.exe [-] -> KILLED [TermProc]
[BLACKLIST] twunk_32.exe -- C:\WINDOWS\twunk_32.exe [7] -> KILLED [TermProc]
[BLACKLIST] twunk_32.exe -- C:\WINDOWS\twunk_32.exe [7] -> KILLED [TermProc]
[BLACKLIST] twunk_32.exe -- C:\WINDOWS\twunk_32.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Red 5 Studios (RUNDLL32.EXE "C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll",wtpmeppnraztwciltqturql) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Adobe CSS5.1 Manager (C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe) [-] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TimeServer ("C:\Users\Ar\AppData\Roaming\Dell\WIN79D2.exe") [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3151651794-4019511193-3406183264-1001[...]\Run : Red 5 Studios (RUNDLL32.EXE "C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll",wtpmeppnraztwciltqturql) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3151651794-4019511193-3406183264-1001[...]\Run : Adobe CSS5.1 Manager (C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3151651794-4019511193-3406183264-1001[...]\Run : TimeServer ("C:\Users\Ar\AppData\Roaming\Dell\WIN79D2.exe") [-] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\RunOnce : Adobe CSS5.1 Manager (C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3151651794-4019511193-3406183264-1001[...]\RunOnce : Adobe CSS5.1 Manager (C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe) [-] -> FOUND
[TASK][SUSP PATH] {AAC7A130-C70F-4334-BD9E-E86127026A81}.job : C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [-] -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (C:\Users\Ar\AppData\Local\Temp\sbvclle\swpypet\wow64.dll) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] b51d790590dd916419f2c90317de5e7e
[BSP] 7ee2de904d2874fbdde5c76b3ca7c4ac : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 947435 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1940555610 | Size: 6330 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06012013_02d1955.txt >>
RKreport[1]_S_06012013_02d1955.txt
 

Fiery

Level 1
Jan 11, 2011
2,007
Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O4 - HKCU..\Run: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe ()
O4 - HKCU..\Run: [Red 5 Studios] RUNDLL32.EXE "C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll",wtpmeppnraztwciltqturql File not found
O4 - HKCU..\Run: [SoftThinks] rundll32 "C:\Users\Ar\AppData\Local\Microsoft Help\SoftThinks\wkhnzka.dll",DllRegisterServer File not found
O4 - HKCU..\Run: [TimeServer] "C:\Users\Ar\AppData\Roaming\Dell\WIN79D2.exe"
O4 - HKCU..\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe ()

:Files
C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad
C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad
C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad
C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad
C:\Users\Ar\googleupdate.exe
C:\Users\Ar\icq.exe
C:\Users\Ar\msconfig.exe
C:\Users\Ar\mstsc.exe
C:\Users\Ar\opera.exe
C:\Users\Ar\skype.exe
C:\Users\Ar\teamviewer.exe
C:\Users\Ar\vlcplayer.exe
C:\Users\Ar\AppData\Roaming\skype.ini
C:\Users\Ar\Application Data\skype.ini
C:\Users\Ar\AppData\Local\Microsoft Help\SoftThinks\wkhnzka.dll
C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically; post its content in your next reply.

Then update Malwarebytes Anti-Malware and do a quick scan.

Arliia

New Member
Thread author
Verified
May 31, 2013
17
OTL

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager deleted successfully.
C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Red 5 Studios not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SoftThinks not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager deleted successfully.
File C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe not found.
========== FILES ==========
C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad folder moved successfully.
File\Folder C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad not found.
File\Folder C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad not found.
C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad folder moved successfully.
C:\Users\Ar\googleupdate.exe moved successfully.
C:\Users\Ar\icq.exe moved successfully.
C:\Users\Ar\msconfig.exe moved successfully.
C:\Users\Ar\mstsc.exe moved successfully.
C:\Users\Ar\opera.exe moved successfully.
C:\Users\Ar\skype.exe moved successfully.
C:\Users\Ar\teamviewer.exe moved successfully.
C:\Users\Ar\vlcplayer.exe moved successfully.
C:\Users\Ar\AppData\Roaming\skype.ini moved successfully.
File\Folder C:\Users\Ar\Application Data\skype.ini not found.
File\Folder C:\Users\Ar\AppData\Local\Microsoft Help\SoftThinks\wkhnzka.dll not found.
File\Folder C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ar\Desktop\cmd.bat deleted successfully.
C:\Users\Ar\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ar
->Temp folder emptied: 3129386 bytes
->Temporary Internet Files folder emptied: 132778015 bytes
->Java cache emptied: 10513930 bytes
->Flash cache emptied: 528 bytes

User: Clay
->Temp folder emptied: 1621 bytes
->Temporary Internet Files folder emptied: 61570381 bytes
->Flash cache emptied: 57397 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: UpdatusUser.ARLENE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 491936 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 109329 bytes

Total Files Cleaned = 199.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06012013_204250

Files\Folders moved on Reboot...
C:\Users\Ar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Will do malware scan next.
 

Arliia
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.01.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ar :: ARLENE [administrator]

6/1/2013 8:51:07 PM
mbam-log-2013-06-01 (20-51-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283841
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Arliia
OTL logfile created on: 6/1/2013 9:11:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ar\Desktop\PcStuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.99 Gb Total Physical Memory | 7.38 Gb Available Physical Memory | 82.13% Memory free
9.24 Gb Paging File | 7.30 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): c:\pagefile.sys 256 512

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 925.23 Gb Total Space | 817.78 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive X: | 6.18 Gb Total Space | 2.25 Gb Free Space | 36.37% Space Free | Partition Type: NTFS

Computer Name: ARLENE | User Name: Ar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ar\Desktop\PcStuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe (Avanquest Software North America)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Alienware)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\AlienRespawn\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\AlienRespawn\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\54c496ff6d9d7e1c51cc343620fcc656\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\990123c5701a26f1d724150839811bce\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1e8f7367eaa08c5057d78c093982f8f0\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e698a866fd16973a24ca6697218028ad\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\65984247e3e77b0d6fad25ee68f34664\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll ()
MOD - C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AlienFusionService) -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EpsonScanSvc) -- C:\WINDOWS\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (.AVQWindowsMonitorService) -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe (Avanquest Software)
SRV - (Fix-It Task Manager) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe (Avanquest Software)
SRV - (VCOMCloudAgent) -- C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe (Avanquest Software North America)
SRV - (AQFileRestoreSrv) -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe (Avanquest Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBAMSvc.exe (GFI Software)
SRV - (SftService) -- C:\Program Files (x86)\AlienRespawn\SftService.exe (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (hitmanpro37) -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (gfiark) -- C:\WINDOWS\SysNative\drivers\gfiark.sys (ThreatTrack Security)
DRV:64bit: - (AQFileRestore) -- C:\WINDOWS\SysNative\drivers\AQFileRestore.sys ()
DRV:64bit: - (USBAAPL64) -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (rzdaendpt) -- C:\WINDOWS\SysNative\drivers\rzdaendpt.sys (Razer USA Ltd)
DRV:64bit: - (rzvkeyboard) -- C:\WINDOWS\SysNative\drivers\rzvkeyboard.sys (Razer USA Ltd)
DRV:64bit: - (rzudd) -- C:\WINDOWS\SysNative\drivers\rzudd.sys (Razer USA Ltd)
DRV:64bit: - (rzendpt) -- C:\WINDOWS\SysNative\drivers\rzendpt.sys (Razer USA Ltd)
DRV:64bit: - (sbapifs) -- C:\WINDOWS\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (RdpVideoMiniport) -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NVHDA) -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (VKbms) -- C:\WINDOWS\SysNative\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (danewFltr) -- C:\WINDOWS\SysNative\drivers\danew.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (SBRE) -- C:\WINDOWS\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV - (AQFileRestore) -- C:\WINDOWS\SysWOW64\drivers\AQFileRestore.sys ()
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012/12/02 15:32:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/06/01 20:43:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBRC.exe (GFI Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7894861-463C-4AC8-8237-ADDD1B48D3D5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3eb6e76a-47e0-11e1-8b88-a4badb021b81}\Shell - "" = AutoRun
O33 - MountPoints2\{3eb6e76a-47e0-11e1-8b88-a4badb021b81}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/01 22:41:25 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/01 20:42:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/01 19:54:00 | 000,000,000 | ---D | C] -- C:\Users\Ar\Desktop\RK_Quarantine
[2013/06/01 19:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/01 12:03:43 | 000,000,000 | ---D | C] -- C:\Users\Ar\AppData\Local\Diagnostics
[2013/06/01 10:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/06/01 10:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/01 03:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/06/01 01:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/01 00:23:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/01 00:22:59 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/31 16:52:27 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013/05/25 14:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/25 14:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/05/24 00:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/24 00:54:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/24 00:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/21 15:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2013/05/20 10:34:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/20 10:34:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/20 10:34:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/20 10:34:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/20 10:34:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/20 10:34:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/20 10:34:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/20 10:34:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/20 10:34:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/20 10:34:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/20 10:34:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/20 10:34:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/20 10:34:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/20 10:34:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/20 10:34:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/20 10:33:37 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/20 10:33:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/20 10:33:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/20 10:33:36 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/20 10:33:34 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/20 10:33:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/20 10:33:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/18 09:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/18 09:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/18 09:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/18 09:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/15 11:26:32 | 000,000,000 | ---D | C] -- C:\Users\Ar\Desktop\Brittany's
[2013/05/13 20:55:35 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

========== Files - Modified Within 30 Days ==========

[2013/06/01 21:30:53 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/01 21:30:53 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/01 21:30:53 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/01 21:09:23 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/01 21:09:23 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/01 21:02:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/01 21:02:08 | 2945,699,839 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/01 20:47:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/01 20:43:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/06/01 10:25:40 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/06/01 10:23:12 | 000,000,356 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/06/01 04:05:58 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/30 15:19:17 | 000,095,811 | ---- | M] () -- C:\Users\Ar\AppData\Local\ars.cache
[2013/05/30 12:12:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\nvwgf2um.dll
[2013/05/30 12:12:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\nvd3dum.dll
[2013/05/30 12:12:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\nvapi.dll
[2013/05/30 12:12:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\eEBUtil.dll
[2013/05/25 14:26:46 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/05/20 11:32:16 | 000,327,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/18 09:01:18 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/15 00:47:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 00:47:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/06/01 10:25:40 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/06/01 10:23:12 | 000,000,356 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/05/30 12:12:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\nvwgf2um.dll
[2013/05/30 12:12:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\nvd3dum.dll
[2013/05/30 12:12:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\nvapi.dll
[2013/05/30 12:12:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\eEBUtil.dll
[2013/05/13 20:55:35 | 000,035,000 | ---- | C] () -- C:\Windows\SysNative\mxntdfg.exe
[2013/05/13 20:55:19 | 000,002,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fix-It Utilities Professional.lnk
[2013/04/10 17:14:34 | 000,020,496 | ---- | C] () -- C:\Windows\SysWow64\drivers\AQFileRestore.sys
[2013/01/29 18:15:49 | 000,000,210 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/12/01 15:27:50 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/19 10:46:24 | 000,000,079 | ---- | C] () -- C:\Windows\XP400.ini
[2012/06/18 16:07:08 | 000,022,384 | ---- | C] () -- C:\Windows\SysWow64\LightFX.dll
[2012/04/19 14:22:41 | 007,967,758 | ---- | C] () -- C:\Users\Ar\AppData\Local\census.cache
[2012/04/19 14:20:20 | 000,095,811 | ---- | C] () -- C:\Users\Ar\AppData\Local\ars.cache
[2012/04/19 13:37:04 | 000,000,036 | ---- | C] () -- C:\Users\Ar\AppData\Local\housecall.guid.cache
[2012/02/11 04:20:30 | 000,000,041 | ---- | C] () -- C:\Users\Ar\jagex_cl_runescape_LIVE.dat
[2012/02/11 04:20:30 | 000,000,024 | ---- | C] () -- C:\Users\Ar\random.dat
[2011/07/01 11:17:22 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
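The ZeroAccess Check section of the OTL log above lists the InProcServer32 keys whose default value names the DLL loaded for each CLSID; on a clean machine every one resolves to a Microsoft file under the Windows system directories, and a per-user (HKEY_CURRENT_USER) entry pointing elsewhere is what the check is looking for. The following added Python triage helper (example code, not OTL's own logic) parses that section and flags such entries; the expected file names are taken from the HKLM entries in the log, and the second sample entry is a constructed placeholder, not a real indicator.

```python
import re
# Expected in-process server per CLSID, from the HKLM entries in the OTL section above
# (file name only; the 64-bit view reports SysNative, the 32-bit view system32).
EXPECTED_DLL = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}
SYSTEM_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]")                    # [HKEY_...\InProcServer32] /64
DEFAULT_RE = re.compile(r'^"" = (.+?) -- \[.*\] \((.*)\)$')  # "" = path -- [meta] (Company)
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)

def parse_zeroaccess_section(text):
    """Yield (registry_key, server_path, company) for each key carrying a default value."""
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = DEFAULT_RE.match(line)
        if m and current:
            yield current, m.group(1), m.group(2)

def check_entry(key, path, company):
    """None when the server looks legitimate, otherwise a short reason string."""
    clsid = CLSID_RE.search(key)
    expected = EXPECTED_DLL.get(clsid.group(0).lower()) if clsid else None
    if expected is None:
        return "CLSID not in the expected table"
    norm = re.sub(r"%systemroot%", r"C:\\WINDOWS", path, flags=re.I).lower()
    if not norm.startswith(SYSTEM_DIRS):   # a hijack points the server into a user-writable path
        return "server outside the Windows system directories: " + path
    if not norm.endswith("\\" + expected):
        return "server is not " + expected + ": " + path
    if company != "Microsoft Corporation":  # OTL prints () when no company name is embedded
        return "server not reported as a Microsoft file: " + repr(company)

def review(text):
    pairs = ((k, check_entry(k, p, c)) for k, p, c in parse_zeroaccess_section(text))
    return [(k, r) for k, r in pairs if r]

# Constructed sample: one entry copied from the log above plus one made-up per-user
# override whose server lives under a user profile (placeholder path, not a real IoC).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\example\AppData\Local\PLACEHOLDER\hijack.dll -- [2013/01/01 00:00:00 | 000,051,200 | ---- | M] ()
"""
```

Running `review(SAMPLE)` returns only the constructed HKEY_CURRENT_USER entry; every entry in the log above passes, which is consistent with the helper not flagging anything in that section.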
 

Fiery

Level 1
Jan 11, 2011
2,007
Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
[2012/02/11 04:20:30 | 000,000,024 | ---- | C] () -- C:\Users\Ar\random.dat

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically; post its contents in your next reply.

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is un-checked, and the following Advanced Settings are checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in the log file located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

Arliia

New Member
Thread author
Verified
May 31, 2013
17
Here are the last 2 reports you asked for, Fiery. I need to log off and sleep now but will continue in the AM with whatever we need to do next. Thank you for helping me. :)

========== OTL ==========
C:\Users\Ar\random.dat moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06012013_222528


eset report:

C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
 