View Full Version : Windows Defender stopped working.



wrekone
2012-12-17, 03:20
I am running Windows 8 Pro 64 bit.

Windows Defender won't scan. It will update. It gives error code 0x8007139f.
This started after installing a pirated version of Cute FTP Pro 8.3.2, which I am attempting to remove, but it tells me "Not all user data could be deleted. It may be locked by the system. C:\Users\wrek_000\ApplicationData\GlobalSCAPE\Cute FTp Pro\8.0".

I cannot find the directory it refers to, even though I have Folder Settings set to show hidden files and folders. I was able to remove it other than that, including removing the program folder in Program Files (x86).

I have had similar problems on Windows 7 machines that had this same pirated software installed, but never worried about it as I used AVG instead of Windows Defender. Now that I have an almost brand new install of Windows 8 it raised more red flags for me. I may have a similar infection on my other PC, a Windows 7 Pro machine, but I have never had any real problems on it other than Windows Defender not running, which I ignored because it also has AVG.

I have no other pirated software on my system (anymore).

I have no P2P programs on my PC.

I have previously installed CCleaner but have not run it and probably never will due to the sticky post about registry cleaners, though I have used it with great success on Win XP, Win Vista & Win 7.

While installing the aforementioned Cute FTP, Windows Defender found Trojan/Win32/Bumat!rts but I ignored it and installed anyway.

I ran a scan with Spybot 2 and let it fix the problems it found before seeking help in this forum. I have not tried any other fixes.

I cannot figure out how to disable Tea Timer protection as instructed because I am using Spybot 2, which has a completely different interface than the one referenced in the "BEFORE You POST" sticky.

I cannot post an aswMBR log as it crashes and I get a message that says "avast! Antirootkit has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

I have backed up my registry with ERUNT.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.9.2
Run by wreko_000 at 16:57:07 on 2012-12-16
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.16381.13030 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files\Bitcasa\Bitcasa.exe
C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Users\wreko_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Plex\Plex Media Center\Plex.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: IGMONObj Class: {02464DDC-3187-11D8-8004-0020ED227566} -
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
uRun: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe
uRun: [CuteFTP TE] "C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
StartupFolder: C:\Users\WREKO_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\wreko_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\WREKO_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\WREKO_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Plex.lnk - C:\Program Files (x86)\Plex\Plex Media Center\Plex.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\USBKVM~1.LNK - C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe
IE: LastPass - C:\Users\wreko_000\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\wreko_000\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3C76BF98-ECEC-45D7-A0A3-ABDDDD2AAB71} : DHCPNameServer = 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\System32\CbFsMntNtf3.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\wreko_000\AppData\Roaming\Mozilla\Firefox\Profiles\ejfiqum8.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-13 23:02; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\WINDOWS\System32\Drivers\AppleCharger.sys [2012-12-13 22680]
R1 cbfs3;cbfs3;C:\WINDOWS\System32\Drivers\cbfs3.sys [2012-12-13 352456]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-12-13 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\WINDOWS\System32\BtwRSupportService.exe [2011-12-15 2246184]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-13 168384]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-11-5 191488]
R2 WyseRemoteAccess;Wyse Remote Access;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [2012-11-5 1436160]
R3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW86.sys [2012-12-13 98472]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\Drivers\bcbtums.sys [2012-1-27 134696]
R3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\Drivers\BthA2DP.sys [2012-7-25 116352]
R3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\Drivers\BthHfAud.sys [2012-7-25 30720]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\WINDOWS\System32\Drivers\EtronHub3.sys [2012-12-13 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\WINDOWS\System32\Drivers\EtronXHCI.sys [2012-12-13 88832]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-12-13 30528]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\Drivers\usbfilter.sys [2012-12-13 57000]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-7-25 30208]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-12-13 25640]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-12-13 160256]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\WINDOWS\System32\Drivers\MijXfilt.sys [2012-12-14 115272]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2012-12-17 00:38:56 -------- d-----w- C:\WINDOWS\System32\appmgmt
2012-12-16 18:42:27 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD5C4D67-9192-40BC-B3A1-201C38914F61}\mpengine.dll
2012-12-16 01:09:39 929792 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2012-12-16 01:09:39 677888 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2012-12-16 01:09:39 673280 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2012-12-16 01:09:39 1172992 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2012-12-16 01:09:38 568832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2012-12-16 01:09:38 513024 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2012-12-16 01:09:37 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2012-12-16 01:09:37 1048064 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2012-12-15 23:13:12 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-12-15 22:13:54 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-12-15 21:30:25 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\WysePocketCloud
2012-12-15 21:30:11 -------- d-----w- C:\Program Files (x86)\Wyse
2012-12-15 17:42:21 -------- d-----w- C:\Users\wreko_000\AppData\Local\Macromedia
2012-12-15 04:16:04 -------- d-----w- C:\Users\wreko_000\AppData\Local\GlobalSCAPE
2012-12-15 04:16:04 -------- d-----w- C:\ProgramData\GlobalSCAPE
2012-12-15 04:13:54 -------- d-----w- C:\Program Files (x86)\GlobalSCAPE
2012-12-15 03:31:56 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\iGetter
2012-12-15 02:52:43 -------- d-----w- C:\Program Files\FileBot
2012-12-15 02:03:30 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\FileBot
2012-12-14 21:44:19 -------- d-----w- C:\WINDOWS\SysWow64\directx
2012-12-14 21:20:38 74960 ----a-w- C:\WINDOWS\System32\drivers\xusb21.sys
2012-12-14 21:20:38 328712 ----a-w- C:\WINDOWS\System32\MijFrc.dll
2012-12-14 21:20:38 1721576 ----a-w- C:\WINDOWS\System32\WdfCoInstaller01009.dll
2012-12-14 21:20:38 115272 ----a-w- C:\WINDOWS\System32\drivers\MijXfilt.sys
2012-12-14 21:20:38 -------- d-----w- C:\Program Files\MotioninJoy
2012-12-14 20:20:31 -------- d-----w- C:\Users\wreko_000\AppData\Local\Mozilla
2012-12-14 20:19:01 517960 ----a-w- C:\WINDOWS\System32\XAudio2_5.dll
2012-12-14 20:19:01 515416 ----a-w- C:\WINDOWS\SysWow64\XAudio2_5.dll
2012-12-14 20:19:00 5554512 ----a-w- C:\WINDOWS\System32\d3dcsx_42.dll
2012-12-14 20:19:00 5501792 ----a-w- C:\WINDOWS\SysWow64\d3dcsx_42.dll
2012-12-14 20:19:00 2582888 ----a-w- C:\WINDOWS\System32\D3DCompiler_42.dll
2012-12-14 20:19:00 238936 ----a-w- C:\WINDOWS\SysWow64\xactengine3_5.dll
2012-12-14 20:19:00 1974616 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_42.dll
2012-12-14 20:19:00 176968 ----a-w- C:\WINDOWS\System32\xactengine3_5.dll
2012-12-14 07:37:16 -------- d-----w- C:\Users\wreko_000\Bitcasa
2012-12-14 07:37:16 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\com.bitcasa.Bitcasa
2012-12-14 07:37:14 352456 ----a-w- C:\WINDOWS\System32\drivers\cbfs3.sys
2012-12-14 07:37:14 223760 ----a-w- C:\WINDOWS\SysWow64\CbFsNetRdr3.dll
2012-12-14 07:37:14 190480 ----a-w- C:\WINDOWS\System32\CbFsMntNtf3.dll
2012-12-14 07:37:14 158224 ----a-w- C:\WINDOWS\SysWow64\CbFsMntNtf3.dll
2012-12-14 07:37:14 141328 ----a-w- C:\WINDOWS\System32\CbFsNetRdr3.dll
2012-12-14 07:37:12 -------- d-----w- C:\Program Files\Bitcasa
2012-12-14 07:33:20 -------- d-----w- C:\Google Nexus 7 ToolKit
2012-12-14 07:31:54 -------- d-----w- C:\Program Files\MPC-HC
2012-12-14 07:27:41 -------- d-----w- C:\Program Files\MediaInfo
2012-12-14 07:27:01 -------- d-----w- C:\Program Files (x86)\WinDirStat
2012-12-14 07:26:38 -------- d-----w- C:\Program Files\Unlocker
2012-12-14 07:17:19 821736 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2012-12-14 07:17:19 746984 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2012-12-14 07:17:17 95208 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2012-12-14 07:02:53 53248 ----a-w- C:\Users\wreko_000\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-14 07:02:48 18960 ----a-w- C:\WINDOWS\System32\drivers\LNonPnP.sys
2012-12-14 06:58:17 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\Unified Remote
2012-12-14 06:58:14 -------- d-----w- C:\Program Files (x86)\Unified Remote
2012-12-14 06:53:49 -------- d-----w- C:\Users\wreko_000\AppData\Local\Plex
2012-12-14 06:53:34 2106216 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_43.dll
2012-12-14 06:53:34 1998168 ----a-w- C:\WINDOWS\SysWow64\D3DX9_43.dll
2012-12-14 06:44:00 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-14 06:43:55 17272 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2012-12-14 06:43:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-12-14 06:43:05 -------- d-----w- C:\Users\wreko_000\AppData\Local\Programs
2012-12-14 06:42:41 -------- d-----w- C:\Users\wreko_000\AppData\Local\Plex Media Server
2012-12-14 06:42:41 -------- d-----w- C:\Users\wreko_000\AppData\Local\Apple Computer
2012-12-14 06:42:41 -------- d-----w- C:\ProgramData\boost_interprocess
2012-12-14 06:42:20 -------- d-----w- C:\Program Files (x86)\Plex
2012-12-14 06:41:55 -------- d-----w- C:\Program Files\Bonjour
2012-12-14 06:41:55 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-12-14 06:41:05 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\IrfanView
2012-12-14 06:41:04 -------- d-----w- C:\Program Files (x86)\IrfanView
2012-12-14 06:36:36 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-12-14 06:36:35 -------- d-----w- C:\Program Files (x86)\Steam
2012-12-14 06:35:48 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\MotioninJoy
2012-12-14 06:33:39 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\mIRC
2012-12-14 06:33:39 -------- d-----w- C:\Program Files (x86)\mIRC
2012-12-14 06:32:54 -------- d-----w- C:\Program Files (x86)\Mp3tag
2012-12-14 06:28:42 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-12-14 06:20:56 1892184 ----a-w- C:\WINDOWS\SysWow64\D3DX9_42.dll
2012-12-14 06:20:55 2414360 ----a-w- C:\WINDOWS\SysWow64\d3dx9_31.dll
2012-12-14 06:20:41 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-12-14 06:15:08 -------- d-----w- C:\Users\wreko_000\AppData\Local\Diagnostics
2012-12-14 05:55:02 -------- d-----w- C:\Program Files (x86)\Trendnet
2012-12-14 05:52:45 -------- d-sh--w- C:\Users\wreko_000\AppData\Roaming\Common
2012-12-14 05:50:39 -------- d-----w- C:\Program Files (x86)\DisplayFusion
2012-12-14 05:42:23 778856 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2012-12-14 05:42:23 35400 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2012-12-14 05:42:23 35400 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2012-12-14 05:42:23 124040 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2012-12-14 05:42:23 1166440 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2012-12-14 05:42:23 102528 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2012-12-14 04:55:33 -------- d-----w- C:\Users\wreko_000\AppData\Local\Apps
2012-12-14 04:10:58 -------- d-----w- C:\Users\wreko_000\AppData\Roaming\Dropbox
2012-12-14 03:44:40 25640 ----a-w- C:\WINDOWS\etdrv.sys
2012-12-14 03:43:53 30528 ----a-w- C:\WINDOWS\GVTDrv64.sys
2012-12-14 03:39:30 -------- d-----w- C:\Program Files\Classic Shell
2012-12-14 03:34:09 -------- d-----w- C:\Intel
2012-12-14 03:34:05 -------- d-----w- C:\Program Files (x86)\AMD
2012-12-14 03:17:31 -------- d-----w- C:\Users\wreko_000\AppData\Local\AMD
2012-12-14 03:17:26 -------- d-----w- C:\Users\wreko_000\AppData\Local\ATI
2012-12-14 03:15:51 -------- d-----w- C:\Program Files (x86)\Etron Technology
2012-12-14 03:13:14 88832 ----a-w- C:\WINDOWS\System32\drivers\EtronXHCI.sys
2012-12-14 03:13:14 65152 ----a-w- C:\WINDOWS\System32\drivers\EtronHub3.sys
2012-12-14 03:10:51 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-12-14 03:10:51 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-12-14 03:10:49 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-12-14 03:10:46 57000 ----a-w- C:\WINDOWS\System32\drivers\usbfilter.sys
2012-12-14 03:10:35 -------- d-----w- C:\ProgramData\AMD
2012-12-14 03:10:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-12-14 03:10:16 -------- d-----w- C:\Program Files\ATI
2012-12-14 03:05:13 -------- d-----w- C:\Program Files\ATI Technologies
2012-12-14 03:03:55 641536 ----a-w- C:\WINDOWS\System32\WSShared.dll
2012-12-14 03:02:05 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-12-14 03:00:07 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2012-12-14 02:58:25 101376 ----a-w- C:\WINDOWS\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-12-14 02:47:01 31272 ----a-w- C:\WINDOWS\System32\AppleChargerSrv.exe
2012-12-14 02:47:01 22680 ----a-w- C:\WINDOWS\System32\drivers\AppleCharger.sys
2012-12-14 02:47:01 -------- d-----w- C:\Program Files\GIGABYTE
2012-12-14 02:47:01 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2012-12-14 02:46:57 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-12-14 02:46:57 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-12-14 02:46:57 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-12-14 02:46:57 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-12-14 02:46:57 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-12-14 02:46:57 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-12-14 02:46:57 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-12-14 02:46:57 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-12-14 02:46:57 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-12-14 02:39:51 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-12-14 02:39:41 -------- d-----w- C:\Program Files (x86)\LastPass
2012-12-14 02:30:33 25640 ----a-w- C:\WINDOWS\gdrv.sys
2012-12-14 02:30:11 -------- d-----w- C:\Users\wreko_000\AppData\Local\Google
2012-12-14 02:20:43 279656 ------w- C:\WINDOWS\System32\MpSigStub.exe
2012-12-14 02:19:32 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2012-12-14 02:19:32 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll
2012-12-14 02:19:32 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll
2012-12-14 02:19:32 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll
2012-12-14 02:19:31 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
2012-12-14 02:19:31 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2012-12-14 02:19:17 17888 ----a-w- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll
2012-12-14 02:19:17 17888 ----a-w- C:\WINDOWS\System32\msvcr100_clr0400.dll
2012-12-14 02:18:40 94208 ----a-w- C:\WINDOWS\System32\synceng.dll
2012-12-14 02:18:40 72192 ----a-w- C:\WINDOWS\SysWow64\synceng.dll
2012-12-14 02:18:39 4056576 ----a-w- C:\WINDOWS\System32\win32k.sys
2012-12-14 02:18:39 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2012-12-14 02:18:39 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
2012-12-14 02:14:58 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-12-14 02:04:44 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2012-12-14 02:03:58 -------- d-----w- C:\Windows.old
2012-12-14 01:56:36 -------- d-----w- C:\WINDOWS\Panther
2012-12-14 00:48:42 -------- d--h--r- C:\ESD
2012-12-14 00:11:44 -------- d-sh--w- C:\Recovery
2012-12-13 23:57:03 -------- d-sh--w- C:\Boot
.
==================== Find3M ====================
.
2012-11-29 23:06:06 80736 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2012-11-29 23:06:06 695648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2012-11-28 04:21:17 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2012-11-20 08:00:23 6971624 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- C:\WINDOWS\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\WINDOWS\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\WINDOWS\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\WINDOWS\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\WINDOWS\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\WINDOWS\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\WINDOWS\System32\drivers\hidi2c.sys
2012-11-15 06:08:41 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2012-11-13 04:20:30 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll
2012-11-13 04:19:23 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2012-11-13 04:19:14 707584 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2012-11-13 04:19:14 1131520 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2012-11-08 04:25:36 523776 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\WINDOWS\SysWow64\dciman32.dll
2012-11-08 04:23:55 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2012-11-08 04:22:20 198656 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
2012-11-08 04:22:12 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\WINDOWS\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\WINDOWS\System32\dciman32.dll
2012-11-08 04:20:26 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll
2012-11-08 04:02:16 3072 ----a-w- C:\WINDOWS\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\WINDOWS\SysWow64\lpk.dll
2012-11-08 04:00:59 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll
2012-11-08 04:00:11 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2012-11-08 01:56:52 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2012-11-06 07:52:07 445160 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04 277736 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys
2012-11-06 07:36:23 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2012-11-06 07:36:14 96488 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2012-11-06 07:35:34 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2012-11-06 07:35:31 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2012-11-06 07:33:46 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2012-11-06 07:33:46 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe
2012-11-06 07:33:45 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2012-11-06 07:33:45 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2012-11-06 07:33:30 1566432 ----a-w- C:\WINDOWS\System32\ole32.dll
2012-11-06 05:00:06 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2012-11-06 05:00:06 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2012-11-06 05:00:06 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2012-11-06 04:54:13 2205696 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2012-11-06 04:48:27 1150160 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2012-11-06 04:19:59 470016 ----a-w- C:\WINDOWS\System32\wlanmsm.dll
2012-11-06 04:18:58 84992 ----a-w- C:\WINDOWS\SysWow64\fdWCN.dll
2012-11-06 04:17:58 110080 ----a-w- C:\WINDOWS\System32\dafWCN.dll
2012-11-06 04:17:44 718848 ----a-w- C:\WINDOWS\System32\BFE.DLL
2012-11-06 04:17:43 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
2012-11-06 04:17:42 785920 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2012-11-06 04:17:41 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2012-11-06 04:17:35 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2012-11-06 04:17:33 322560 ----a-w- C:\WINDOWS\System32\aaclient.dll
2012-11-06 04:17:32 212992 ----a-w- C:\WINDOWS\System32\bthprops.cpl
2012-11-06 04:00:44 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll
2012-11-06 04:00:17 16384 ----a-w- C:\WINDOWS\System32\iscsilog.dll
2012-11-06 03:58:53 9728 ----a-w- C:\WINDOWS\System32\wlanhlp.dll
2012-11-06 03:56:35 9728 ----a-w- C:\WINDOWS\SysWow64\wlanhlp.dll
2012-11-06 03:55:44 22528 ----a-w- C:\WINDOWS\System32\drivers\fxppm.sys
2012-11-06 03:55:09 212992 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2012-11-06 03:55:02 90624 ----a-w- C:\WINDOWS\System32\drivers\amdk8.sys
2012-11-06 03:55:02 89088 ----a-w- C:\WINDOWS\System32\drivers\intelppm.sys
2012-11-06 03:55:02 88064 ----a-w- C:\WINDOWS\System32\drivers\amdppm.sys
2012-11-06 03:55:02 87552 ----a-w- C:\WINDOWS\System32\drivers\processr.sys
2012-11-06 03:54:40 74752 ----a-w- C:\WINDOWS\System32\drivers\BTHUSB.SYS
2012-11-06 03:54:09 859136 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2012-11-06 03:53:56 51712 ----a-w- C:\WINDOWS\System32\drivers\bthenum.sys
2012-11-06 03:53:44 560640 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2012-11-06 03:53:12 1171968 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys
2012-11-06 03:52:49 366080 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2012-11-06 03:51:47 665600 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2012-11-03 05:26:40 34816 ----a-w- C:\WINDOWS\System32\dpnsvr.exe
2012-11-03 05:26:12 32256 ----a-w- C:\WINDOWS\SysWow64\dpnsvr.exe
2012-11-03 05:24:34 8192 ----a-w- C:\WINDOWS\SysWow64\dpnhupnp.dll
2012-11-03 05:24:34 8192 ----a-w- C:\WINDOWS\SysWow64\dpnhpast.dll
2012-11-03 05:24:34 58880 ----a-w- C:\WINDOWS\SysWow64\dpnathlp.dll
2012-11-03 05:24:34 375808 ----a-w- C:\WINDOWS\SysWow64\dpnet.dll
2012-11-03 05:24:11 9216 ----a-w- C:\WINDOWS\System32\dpnhupnp.dll
2012-11-03 05:24:11 9216 ----a-w- C:\WINDOWS\System32\dpnhpast.dll
2012-11-03 05:24:11 67584 ----a-w- C:\WINDOWS\System32\dpnathlp.dll
2012-11-03 05:24:11 463872 ----a-w- C:\WINDOWS\System32\dpnet.dll
2012-11-03 05:04:21 4096 ----a-w- C:\WINDOWS\System32\dpnlobby.dll
2012-11-03 05:04:19 3584 ----a-w- C:\WINDOWS\System32\dpnaddr.dll
.
============= FINISH: 16:57:16.54 ===============

Robybel
2012-12-21, 07:25
Hi and Welcome!! wrekone :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! :bigthumb:

Robybel
2012-12-22, 19:34
Hi Wrekone :)

Your machine has the new Windows 8 installed, and many of our tools will not run on Windows 8.

Our developers are working to create new tools to work on this OS.

I'm afraid it's time to face the facts and use the reformat option, and never install pirated programs on it.

wrekone
2012-12-22, 19:51
I'm ok with that. To be honest, it's been torture waiting for help when I knew I could fix it with a wipe. The system's only a couple weeks old, so it's not a big setback. For reference, did you find any obvious problems in my log? I have several external storage drives that I am not going to wipe under any circumstance and I'd like to know if they are a likely source of reinfection after I wipe.

Robybel
2012-12-23, 01:16
Hi wrekone ;)



I'm ok with that.
Very good!

To be honest, it's been torture waiting for help when I knew I could fix it with a wipe.
We are all volunteers, so sometimes it takes a couple of days to receive a reply.

For reference, did you find any obvious problems in my log?
There was nothing obvious in the log. However, these tools are not designed to work on Windows 8, so if there was something hidden on your machine, it may not show up in the logs.

I have several external storage drives that I am not going to wipe under any circumstance
There is a possibility that some of the files on your external drive could be infected, especially if they are pirated programs, torrents or obtained via peer to peer. I suggest running the ESET online scan on your external drives and deleting any infected files it finds, or you will just keep re-infecting your system when you plug in an infected external drive.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://www.eset.com/online-scanner-popup/)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
Push the Back button.
Select Uninstall application on close check box and push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png




and I'd like to know if they are a likely source of reinfection after I wipe.
If you practice safe surfing and stay away from cracks, keygens and other sketchy sources, then you should be ok. Here is an article that may be of some assistance to you:

So how did I get infected in the first place? (http://www.geekstogo.com/how-did-i-get-infected-in-the-first-place/)

Robybel
2012-12-26, 21:31
Still with me?

wrekone
2012-12-27, 09:04
I'm still here. I didn't realize that we weren't done.

Robybel
2012-12-28, 18:55
Hi wrekone ;)

I was wondering how it went with the ESET scan, or whether you have reformatted and everything is OK now? :bigthumb:

wrekone
2012-12-29, 05:17
I did the ESET scan after uninstalling the software I referenced in my earlier post. It came up completely clean but Defender was still borked. I did a refresh after backing up my user data. I was a little worried that my user data may have been infected, but a scan after refresh with Defender, Malwarebytes, and Super Anti Spyware showed it to be fine. Cool thing about refresh is my user data was kept intact so I didn't even have to use my backups. Everything works fine now. I'm not very pleased with the way Win 8 handles a lot of things, but refresh was refreshingly easy. :D:

Robybel
2012-12-29, 16:44
Hi wrekone ;)

Very good job :) I'm very happy. ;)

I will mark this thread as solved.

Happy new year, wrekone :present: