[A] Window has encountered a critical problem and will restart automatically in one minute

By shadowmen124
Jul 28, 2012
  1. Hi, I think it's a virus, because my Microsoft Security Essentials keeps on detecting the Sirefef virus, and whenever I remove it, it will still appear and will show the message "Window has encountered a critical problem and will restart automatically in one minute". I have done the Farbar recovery scan. I will attach the log file. I have also done a scan using Malwarebytes; I will attach that log file too. I have tried a system restore point. It still doesn't work; it can only work when I go into safe mode on my laptop. I have also attached my computer's specs log. Hope to get your reply soon. Thanks!


  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Please read forum rules: http://www.techspot.com/community/topics/read-this-or-you-might-not-get-help.182638/
  3. shadowmen124


    Hi again, here is the log for Malwarebytes:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.02

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Ryuu :: RYUU-PC [administrator]

    29/7/2012 2:22:19 PM
    mbam-log-2012-07-29 (14-22-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 262159
    Time elapsed: 4 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 11
    HKCR\Typelib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\I WANT THIS (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

    Files Detected: 9
    C:\Users\Ryuu\AppData\Roaming\apntsb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Administrator\Desktop\GX_HP_AP_TRAINER_V1.2.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Users\Ryuu\AppData\Roaming\SkyrimLauncher.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Ryuu\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

    (end)

    The Gmer log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-29 15:14:13
    Windows 6.1.7601 Service Pack 1
    Running: mst6egvp.exe


    ---- Registry - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----

    The DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Ryuu at 15:21:03 on 2012-07-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8044.6929 [GMT 8:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=0a9026c700000000000002004c4f4f50
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={BF131707-A10F-11E1-9CB4-B870F4AA8650}
    uInternet Settings,ProxyServer = proxy.trueinternet.co.th:8080
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    uURLSearchHooks: UsProvider Class: {539f76fd-084e-4858-86d5-62f02f54ae86} - C:\Program Files (x86)\Minibar\Minibar.dll
    uURLSearchHooks: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
    mURLSearchHooks: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: VideoFileDownload: {0931bd3f-547e-45c1-b133-d0e995645dba} - C:\Program Files (x86)\OApps\bho_project.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - C:\Program Files (x86)\Minibar\Minibar.dll
    BHO: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB: Show Xmlbar Toolbar: {6b896adb-4a82-46e2-858c-13134782ce34} - C:\Program Files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll
    TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
    TB: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Google Update] "C:\Users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: C:\Users\Ryuu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
    IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=British English&ver=1.0
    IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: Download with Xilisoft Online Video Downloader - C:\Program Files (x86)\Xilisoft\Online Video Downloader\upod_link.HTM
    IE: Download with Xilisoft YouTube Video Converter - C:\Program Files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll
    LSP: mswsock.dll
    DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{85E57DC0-DA1F-48FF-A109-B0B9AAE0727E} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{85E57DC0-DA1F-48FF-A109-B0B9AAE0727E}\25975757 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{85E57DC0-DA1F-48FF-A109-B0B9AAE0727E}\3594E4744554C4D233638373 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{F16D49FC-A893-4B5D-AA61-4E03F53C5BB1} : DhcpNameServer = 192.168.42.129
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: VideoFileDownload: {0931BD3F-547E-45C1-B133-D0E995645DBA} - C:\Program Files (x86)\OApps\bho_project.dll
    BHO-X64: BHO_PROJECT - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO-X64: Babylon toolbar helper - No File
    BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
    BHO-X64: Web Assistant Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll
    BHO-X64: MinibarBHO - No File
    BHO-X64: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
    BHO-X64: FreeMake - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    BHO-X64: SWEETIE - No File
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB-X64: Show Xmlbar Toolbar: {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll
    TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB-X64: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
    TB-X64: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    IE-X64: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ryuu\AppData\Roaming\Mozilla\Firefox\Profiles\8ztbwxdo.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll
    FF - plugin: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll
    FF - plugin: C:\Users\Ryuu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Ryuu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extentions.y2layers.installId - 17eb04dd-eb6e-43d4-b51e-557eefece8b2
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    .
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.BabylonToolbar_i.hardId - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15489
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:27:44
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQAB82eZf&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.incredibar_i.instlDay - 15507
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.148:34:02
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQAB82eZf
    FF - user.js: extensions.incredibar_i.upn2n - 92543067446074589
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 36
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\drivers\b57xdbd.sys --> C:\Windows\system32\drivers\b57xdbd.sys [?]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\drivers\b57xdmp.sys --> C:\Windows\system32\drivers\b57xdmp.sys [?]
    R3 bScsiMSa;bScsiMSa;C:\Windows\system32\drivers\bScsiMSa.sys --> C:\Windows\system32\drivers\bScsiMSa.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
    S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
    S2 MSSQL$DRAGONICA;SQL Server (DRAGONICA);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\sqlservr.exe [2011-6-17 43040096]
    S2 RelevantKnowledge;RelevantKnowledge; [x]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
    S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
    S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    S3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
    S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-6-26 23816]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S3 SRS_AE_Service;SRS Audio Essentials;C:\Windows\system32\drivers\SRS_AE_amd64.sys --> C:\Windows\system32\drivers\SRS_AE_amd64.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-5-20 661600]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-24 250056]
    S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-3-20 490840]
    S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-21 353360]
    S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-11-8 872552]
    S4 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
    S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-18 29696]
    S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-21 13592]
    S4 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-21 244624]
    S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
    S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
    S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
    S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-12 1262400]
    S4 SQLAgent$DRAGONICA;SQL Server Agent (DRAGONICA);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 370016]
    S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-8 2656280]
    S4 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
    S4 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-6-16 185856]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-29 06:31:09 328704 ----a-w- C:\Windows\System32\services.exe.B25ED5FF07112164
    2012-07-29 06:30:13 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C546CAE4-2870-4851-ABC7-F808A738AFDD}\offreg.dll
    2012-07-29 06:16:20 328704 ----a-w- C:\Windows\System32\services.exe.ABD0E22A81008886
    2012-07-29 06:10:41 328704 ----a-w- C:\Windows\System32\services.exe.04DD8A8E342C08BB
    2012-07-29 06:01:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-29 05:54:03 328704 ----a-w- C:\Windows\System32\services.exe.66F487C048984A95
    2012-07-29 04:36:07 -------- d-----w- C:\FRST
    2012-07-28 23:29:47 328704 ----a-w- C:\Windows\System32\services.exe.869D5BCC9E8E983A
    2012-07-28 12:28:58 328704 ----a-w- C:\Windows\System32\services.exe.38BB1D571143E4D0
    2012-07-28 09:52:23 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\Malwarebytes
    2012-07-28 09:52:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-28 09:52:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 09:34:39 -------- d-----w- C:\d51ee645f6d2af991e9c9d0cf0e4
    2012-07-28 09:20:37 -------- d-----w- C:\4e4dd3ab32a9b8fe7501dbe8dbd4f4
    2012-07-28 08:46:26 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\Systweak
    2012-07-28 08:45:09 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
    2012-07-28 07:53:33 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C546CAE4-2870-4851-ABC7-F808A738AFDD}\mpengine.dll
    2012-07-28 07:51:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-07-28 07:51:41 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-07-27 05:10:12 0 ----a-w- C:\Windows\SysWow64\shoC467.tmp
    2012-07-25 15:28:19 0 ----a-w- C:\Windows\SysWow64\shoCA95.tmp
    2012-07-24 14:39:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-24 14:39:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-24 05:26:00 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-07-24 05:25:37 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-23 09:16:33 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.2
    2012-07-23 08:22:36 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\FALCOM
    2012-07-23 07:53:26 -------- d-----w- C:\ProgramData\RELOADED
    2012-07-23 07:50:03 -------- d-----w- C:\Program Files (x86)\Ys Origin
    2012-07-21 09:21:26 -------- d-----w- C:\Users\Ryuu\AppData\Local\Activision
    2012-07-21 07:11:23 -------- d-----w- C:\Program Files (x86)\Activision
    2012-07-20 09:55:10 -------- d-----w- C:\Program Files (x86)\OApps
    2012-07-20 09:55:09 -------- d-----w- C:\Program Files (x86)\TorrentSearch
    2012-07-20 09:55:02 -------- d-----w- C:\Program Files (x86)\smartdl
    2012-07-20 09:43:00 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
    2012-07-20 09:37:48 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2012-07-20 07:59:11 9267008 ----a-w- C:\Users\Ryuu\RelicCOH.exe
    2012-07-20 07:59:11 -------- d-----w- C:\Users\Ryuu\validators
    2012-07-19 11:37:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-18 09:52:28 359424 ----a-w- C:\Users\Ryuu\Steamclient.dll
    2012-07-18 09:52:28 18679808 ----a-w- C:\Users\Ryuu\SpecOpsTheLine.exe
    2012-07-18 09:52:27 124296 ----a-w- C:\Users\Ryuu\steam_api.dll
    2012-07-18 09:50:08 -------- d-sh--w- C:\Windows\ftpcache
    2012-07-18 09:47:12 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\Spec Ops The Line
    2012-07-18 09:19:09 -------- d-----w- C:\Program Files (x86)\R.G. Mechanics
    2012-07-16 13:27:08 0 ----a-w- C:\Windows\SysWow64\sho29FA.tmp
    2012-07-16 10:39:28 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\Wondershare Video Converter Ultimate
    2012-07-16 10:39:23 -------- d-----w- C:\Users\Ryuu\AppData\Local\Wondershare
    2012-07-16 10:39:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
    2012-07-16 01:03:42 184891 ----a-w- C:\torrent.exe
    2012-07-14 05:27:01 -------- d-----w- C:\Program Files (x86)\JoWooD Entertainment AG
    2012-07-13 11:16:49 0 ----a-w- C:\Windows\SysWow64\sho933A.tmp
    2012-07-13 10:47:12 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-13 10:35:24 -------- d-----w- C:\Windows\SysWow64\NV
    2012-07-13 10:35:24 -------- d-----w- C:\Windows\System32\NV
    2012-07-12 14:25:07 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-07-12 14:25:07 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll
    2012-07-12 14:25:07 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-07-12 14:25:07 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-07-12 14:25:07 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
    2012-07-12 14:25:07 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-07-12 14:25:07 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-07-12 14:25:07 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-07-12 14:25:07 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-07-12 14:24:46 68928 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-07-12 14:24:46 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-07-12 14:24:32 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-07-11 06:55:03 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 06:55:03 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-07-11 06:55:03 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-07-11 06:55:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2012-07-11 06:55:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2012-07-11 06:55:02 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-07-07 13:34:46 73568 ----a-w- C:\Windows\SysWow64\perf-MSSQL$DRAGONICA-sqlctr10.51.2500.0.dll
    2012-07-07 13:02:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-07-07 13:02:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-07-07 12:47:54 -------- d-----w- C:\Program Files (x86)\THQ
    2012-07-04 09:12:41 0 ----a-w- C:\Windows\SysWow64\sho456C.tmp
    2012-06-30 12:04:28 0 ----a-w- C:\Windows\SysWow64\sho7BBD.tmp
    .
    ==================== Find3M ====================
    .
    2012-07-12 11:00:02 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-08 06:09:46 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-08 06:09:46 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-05 14:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-07-03 11:30:23 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-29 05:54:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-06-27 09:03:32 0 ----a-w- C:\Windows\SysWow64\shoC66B.tmp
    2012-06-21 08:37:14 3166792 ------w- C:\Windows\SysWow64\pbsvc.exe
    2012-06-21 08:29:47 0 ----a-w- C:\Windows\SysWow64\sho5254.tmp
    2012-06-20 14:00:30 0 ----a-w- C:\Windows\SysWow64\sho6748.tmp
    2012-06-20 02:11:47 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-06-20 02:11:47 839096 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-06-16 03:25:33 0 ----a-w- C:\Windows\SysWow64\sho5BF6.tmp
    2012-06-16 01:04:45 0 ----a-w- C:\Windows\SysWow64\sho40F7.tmp
    2012-06-12 18:22:41 0 ----a-w- C:\Windows\SysWow64\sho4E24.tmp
    2012-06-11 18:52:46 0 ----a-w- C:\Windows\SysWow64\sho21D3.tmp
    2012-06-10 16:21:59 21504 ----a-w- C:\Windows\jestertb.dll
    2012-06-07 08:53:45 0 ----a-w- C:\Windows\SysWow64\shoB6C2.tmp
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-05 19:24:30 0 ----a-w- C:\Windows\SysWow64\sho9A96.tmp
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 07:29:40 0 ----a-w- C:\Windows\SysWow64\shoA952.tmp
    2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 04:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-30 18:16:22 0 ----a-w- C:\Windows\SysWow64\shoEDD8.tmp
    2012-05-27 18:48:47 0 ----a-w- C:\Windows\SysWow64\shoE7B0.tmp
    2012-05-26 12:54:23 0 ----a-w- C:\Windows\SysWow64\sho7087.tmp
    2012-05-25 19:23:04 0 ----a-w- C:\Windows\SysWow64\shoA67C.tmp
    2012-05-20 07:06:23 0 ----a-w- C:\Windows\SysWow64\sho3109.tmp
    2012-05-20 06:15:43 661600 ----a-w- C:\Windows\SysWow64\xsherlock.xem
    2012-05-11 06:46:06 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
    2012-05-10 10:55:15 0 ----a-w- C:\Windows\SysWow64\shoF70B.tmp
    2012-05-07 07:45:13 0 ----a-w- C:\Windows\SysWow64\shoA1CC.tmp
    2012-05-05 07:03:09 0 ----a-w- C:\Windows\SysWow64\sho25DC.tmp
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-04 07:04:04 421888 ----a-w- C:\Windows\SysWow64\RealMediaSplitter.ax
    2012-05-04 07:04:00 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2010-01-26 03:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
    .
    ============= FINISH: 15:21:48.87 ===============
  4. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    The Attach Log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/11/2011 4:53:09 PM
    System Uptime: 29/7/2012 2:32:27 PM (1 hours ago)
    .
    Motherboard: Acer | | JV51_HR
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 1995/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 59.07 GiB free.
    D: is FIXED (NTFS) - 224 GiB total, 43.26 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    H: is CDROM ()
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd
    .
    ==== System Restore Points ===================
    .
    RP325: 27/7/2012 6:35:02 PM - Installed Microsoft Fix it 50267
    RP327: 28/7/2012 3:54:31 PM - Microsoft Antimalware Checkpoint
    RP329: 28/7/2012 8:12:23 PM - Microsoft Antimalware Checkpoint
    RP331: 28/7/2012 8:26:12 PM - Microsoft Antimalware Checkpoint
    .
    ==== Installed Programs ======================
    .
    ??????? Windows Live Mesh ActiveX ??(????)
    ??????? Windows Live Mesh ActiveX ???
    µTorrent
    1ClickDownloader
    4Media FLV to MP4 Converter
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Action Replay Code Manager
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3) MUI
    Adobe Shockwave Player 11.6
    Advanced SystemCare 5
    Akamai NetSession Interface
    ALTools Update
    android converter
    Any Flv Converter 2.7.0
    AnyDVD
    Apple Application Support
    Assassin's Creed Brotherhood
    AVS Screen Capture version 2.0.1
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS Video Recorder 2.4
    AVS Video ReMaker 4.0.8.140
    AVS4YOU Software Navigator 1.4
    Babylon toolbar on IE
    BabylonObjectInstaller
    Backup Manager V3
    Bandisoft MPEG-1 Decoder
    Bing Bar
    BufferChm
    Bus Driver 1.5
    Bus Simulator
    Bus Simulator 2008 Demo
    Call of Duty: Black Ops
    CamStudio OSS Desktop Recorder
    Cheat Engine 6.1
    Cheat Engine 6.2
    clear.fi
    clear.fi Client
    Company of Heroes
    Company of Heroes - FAKEMSI
    Copy
    D3DX10
    DAEMON Tools Pro
    Debut Video Capture Software
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    Divine Souls
    DivX Setup
    DJ_AIO_03_F2200_Software_Min
    Dolby Advanced Audio v2
    Download Accelerator Plus (DAP)
    Dragon Nest SEA
    DSL Speed V7.1
    DVD43 Plug-in v1.0.0.5
    eBay Worldwide
    Efficient Calendar Free 3.0
    Eligium
    Express Burn Disc Burning Software
    Express Rip
    F2200
    Facebook Messenger 2.1.4590.0
    Facebook Video Calling 1.2.0.159
    File Type Assistant
    FilesFrog Update Checker
    Final Media Player 2011
    FLV Downloader(xmlbar)(remove only)
    FLV Player
    Forsaken World Halcyon
    Free Video to MP3 Converter version 5.0.10.423
    FreeMake Toolbar
    Freemake Video Converter version 3.0.2
    Game Booster 3
    GAMEVIL
    Garena Plus
    Gears of War
    GetFLV 9.0.6.3
    Gmaniac Dragonica 1.01
    Google Chrome
    Google SketchUp Pro 8
    GPBaseService2
    Graboid Video 3.1
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Identity Card
    Incredibar Toolbar on IE
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Internet Download Manager
    InterVideo DeviceService
    IPU RustyHearts
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Junk Mail filter update
    K-Lite Codec Pack 7.9.0 (Full)
    Kingdoms of Amalur Reckoning
    Launch Manager
    Lavalon Dragonica
    LG United Mobile Driver
    LG USB WML Modem Driver
    Lion Skin Pack 3.0
    LogonStudio
    Magic DVD Ripper V6.0.2
    Malwarebytes Anti-Malware version 1.62.0.1300
    MapleStory
    MarketResearch
    Mass Effect 3 N7 Collector's Edition DLC
    Mass Effect™ 3
    MegaTrainer eXperience V1.0.2.8
    Mesh Runtime
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2010
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    MID Converter 4.2
    MKV Player 2.0.1
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Tools for 5.0
    Need for Speed™ The Run
    newsXpresso
    Nexon Game Manager
    Norton Online Backup
    NTI Media Maker 9
    NVIDIA PhysX
    Pando Media Booster
    PC Wizard 2012.2.0
    PhotoPad Image Editor
    PhotoStage Slideshow Producer
    Pixillion Image Converter
    PlayDGN version 2.1.11
    Prism Video File Converter
    PunkBuster Services
    Puzzle Pirates
    QuickTime
    Rainmeter
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Replay Media Catcher 4 (4.4.1)
    RGF HotSpot version 0.6b
    Righteous ROSE Online
    ROCCAT Pyra Mouse Driver
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Service Pack 1 for SQL Server 2008 R2 (KB2528583)
    Shutdown Timer
    Skype™ 5.3
    SmartWebPrinting
    SolutionCenter
    Spec Ops The Line
    SpeedBit Video Accelerator
    SQL Server 2008 R2 SP1 Common Files
    SQL Server 2008 R2 SP1 Database Engine Services
    SQL Server 2008 R2 SP1 Database Engine Shared
    SQL Server 2008 R2 SP1 Management Studio
    Sql Server Customer Experience Improvement Program
    SRose Online
    Status
    Steam
    Stellar Phoenix Photo Recovery
    SweetIM for Messenger 3.6
    SweetPacks Toolbar for Internet Explorer 4.6
    swMSM
    Synthesia (remove only)
    System Requirements Lab CYRI
    Tipard MKV Video Converter
    Tom Clancy's Ghost Recon Future Soldier
    Toolbox
    TrayApp
    Ubisoft Game Launcher
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Update Manager for SweetPacks 1.0
    VC80CRTRedist - 8.0.50727.6195
    VDownloader 3.9.1195
    Veoh Giraffic Video Accelerator
    Veoh Web Player
    Video Download Button
    Video Download Toolbar 2.6.0.0
    VideoFileDownload
    VideoPad Video Editor
    Virtual Villagers - New Believers Just For Fun Games
    Virtual Villagers 4 - The Tree of Life
    VLC media player 1.0.1
    vReveal
    vReveal 3
    WavePad Sound Editor
    WebReg
    WEBZEN Browser Extension
    Welcome Center
    WIDI Recognition System Pro 4.11 (remove only)
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinPcap 4.1.1
    WolfTeam International
    Wondershare DVD Ripper Platinum(Build 4.4.7.0)
    Wondershare Video Converter Ultimate(Build 5.7.5.4)
    Xham downloader
    Xilisoft HD Video Converter 6
    Xilisoft Online Video Downloader
    Xilisoft Video Converter Standard
    Xilisoft YouTube Video Converter
    Xvid Video Codec
    Yinyuetai Downloader(xmlbar)(remove only)
    YourFileDownloader
    Youtube Downloader HD v. 2.6
    Youtube to MP3 Converter v. 1.4
    Ys Origin version 1
  5. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    ==== Event Viewer Messages From Past Week ========
    .
    29/7/2012 7:33:18 AM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    29/7/2012 7:33:18 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: A dynamic link library (DLL) initialization routine failed.
    29/7/2012 7:29:46 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.W&threatid=2147655287 Name: Trojan:Win64/Sirefef.W ID: 2147655287 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AA&threatid=2147658112 Name: Trojan:Win64/Sirefef.AA ID: 2147658112 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef&threatid=2147657437 Name: Trojan:Win64/Sirefef ID: 2147657437 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@;file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:34:23 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    29/7/2012 2:34:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    29/7/2012 2:34:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    29/7/2012 2:34:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    29/7/2012 2:34:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    29/7/2012 2:33:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    29/7/2012 2:33:20 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    29/7/2012 2:32:33 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.W&threatid=2147655287 Name: Trojan:Win64/Sirefef.W ID: 2147655287 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AA&threatid=2147658112 Name: Trojan:Win64/Sirefef.AA ID: 2147658112 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef&threatid=2147657437 Name: Trojan:Win64/Sirefef ID: 2147657437 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@;file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.W&threatid=2147655287 Name: Trojan:Win64/Sirefef.W ID: 2147655287 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AA&threatid=2147658112 Name: Trojan:Win64/Sirefef.AA ID: 2147658112 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef&threatid=2147657437 Name: Trojan:Win64/Sirefef ID: 2147657437 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@;file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:22:39 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 2:19:34 PM, Error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error %%-2147418113.
    29/7/2012 2:19:34 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The system cannot find the path specified.
    29/7/2012 2:19:34 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The system cannot find the path specified.
    29/7/2012 2:19:34 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The system cannot find the path specified.
    29/7/2012 2:19:34 PM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The media is write protected.
    29/7/2012 2:19:22 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    29/7/2012 2:18:54 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    29/7/2012 2:18:42 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    29/7/2012 2:15:13 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AA&threatid=2147658112 Name: Trojan:Win64/Sirefef.AA ID: 2147658112 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
  6. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    29/7/2012 2:15:13 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    29/7/2012 2:15:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    29/7/2012 2:15:03 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.W&threatid=2147655287 Name: Trojan:Win64/Sirefef.W ID: 2147655287 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    29/7/2012 2:15:03 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    29/7/2012 2:15:03 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef&threatid=2147657437 Name: Trojan:Win64/Sirefef ID: 2147657437 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@;file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    29/7/2012 2:15:03 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    29/7/2012 2:12:57 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "3859F9570189" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
    29/7/2012 2:10:26 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    29/7/2012 2:10:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/7/2012 1:57:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 1:57:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 1:53:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 1:53:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 1:49:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    29/7/2012 1:49:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    28/7/2012 8:45:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    28/7/2012 8:45:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    28/7/2012 8:13:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    28/7/2012 7:55:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (DRAGONICA) service to connect.
    28/7/2012 7:55:16 PM, Error: Service Control Manager [7000] - The SQL Server (DRAGONICA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    28/7/2012 7:44:26 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
    28/7/2012 7:44:23 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
    28/7/2012 5:40:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    28/7/2012 5:40:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    28/7/2012 5:40:30 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: A system shutdown is in progress.
    28/7/2012 5:40:29 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: A system shutdown is in progress.
    28/7/2012 5:40:29 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: A system shutdown is in progress.
    28/7/2012 5:40:29 PM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: A system shutdown is in progress.
    28/7/2012 5:40:29 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
    28/7/2012 5:39:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
    28/7/2012 5:08:41 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    28/7/2012 4:11:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.853.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    28/7/2012 3:54:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.853.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    28/7/2012 3:52:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    28/7/2012 3:51:47 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.131.132.0;1.131.132.0 Engine version: 1.1.8601.0
    28/7/2012 3:24:22 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    28/7/2012 11:04:26 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    28/7/2012 11:03:59 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    28/7/2012 11:03:56 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    25/7/2012 4:40:55 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
    24/7/2012 12:47:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    23/7/2012 10:04:31 PM, Error: Service Control Manager [7000] - The StarWind AE Service service failed to start due to the following error: The system cannot find the file specified.
    22/7/2012 2:23:32 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    22/7/2012 1:05:22 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 12.
    .
    ==== End Of File ===========================
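A triage pass over the event-log export above, as an added example that is not part of the original posts: it parses the `date, level: source [id] - message` records, groups the Microsoft Antimalware 1119 failures by threat, path and error code, and lists the seconds in which several services terminated together. The sample records are constructed by shortening entries from that log, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: records shortened from the event-log format shown above.
SAMPLE_LOG = r"""
29/7/2012 2:10:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware. Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s).
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s).
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s).
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
29/7/2012 1:57:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware. Name: Trojan:Win64/Sirefef.P ID: 2147654466 Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0
29/7/2012 1:57:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware. Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0
28/7/2012 8:45:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware. Name: Trojan:Win64/Sirefef.P ID: 2147654466 Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0
28/7/2012 8:45:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware. Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0
28/7/2012 7:55:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (DRAGONICA) service to connect.
28/7/2012 5:08:41 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware. Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.131.853.0
==== End Of File ===========================
"""

# "<d/m/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
HEADER = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Each value in a 1119 message runs up to the next field label.
AM_FIELDS = {
    "threat": re.compile(r"\bName: (\S+) ID:"),
    "path": re.compile(r"\bPath: (.+?) Detection Origin:"),
    "action": re.compile(r"\bAction: (.+?) Action Status:"),
    "error_code": re.compile(r"\bError Code: (0x[0-9A-Fa-f]+)"),
    "error_text": re.compile(r"\bError description: (.+?) Signature Version:"),
}
SERVICE_DOWN = re.compile(r"^The (.+?) service terminated unexpectedly")


def parse_events(text):
    """Turn the export into dicts; lines that are not records are skipped."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # banner, blank or separator line
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        ev["time"] = datetime.strptime(ev.pop("ts"), "%d/%m/%Y %I:%M:%S %p")
        if ev["source"] == "Microsoft Antimalware" and ev["event_id"] == 1119:
            for key, rx in AM_FIELDS.items():
                hit = rx.search(ev["message"])
                ev[key] = hit.group(1) if hit else None
        events.append(ev)
    return events


def failed_remediations(events, min_repeats=2):
    """Paths where the same action failed with the same error more than once."""
    groups = defaultdict(list)
    for ev in events:
        if ev["source"] == "Microsoft Antimalware" and ev["event_id"] == 1119:
            key = (ev["threat"], ev["path"], ev["action"], ev["error_code"])
            groups[key].append(ev["time"])
    report = [
        {"threat": t, "path": p, "action": a, "error_code": c,
         "count": len(times), "first_seen": min(times), "last_seen": max(times)}
        for (t, p, a, c), times in groups.items() if len(times) >= min_repeats
    ]
    return sorted(report, key=lambda r: (-r["count"], r["path"]))


def service_crash_bursts(events, min_services=3):
    """Seconds in which several services logged event 7031 together."""
    by_second = defaultdict(list)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["event_id"] == 7031:
            m = SERVICE_DOWN.match(ev["message"])
            if m:
                by_second[ev["time"]].append(m.group(1))
    return sorted((t, sorted(s)) for t, s in by_second.items() if len(s) >= min_services)


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for row in failed_remediations(parsed):
        print(f'{row["count"]}x {row["action"]} failed ({row["error_code"]}): '
              f'{row["threat"]} at {row["path"]}, {row["first_seen"]} to {row["last_seen"]}')
    for when, services in service_crash_bursts(parsed):
        print(f"{when}: {len(services)} services terminated together: {', '.join(services)}")
```

A path that keeps reappearing with the same failed action and error code is one the running system cannot clean, which is the case the offline scan in the next post addresses.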
  7. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  8. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    Okay here is the FRST.txt

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 30-07-2012 00:03:29
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKU\Mike\...\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Mike\...\Run: [Facebook Update] "C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
    HKU\Mike\...\Run: [GarenaMessenger] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" [5649752 2012-03-05] ()
    HKU\Mike\...\Policies\system: [LogonHoursAction] 2
    HKU\Mike\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Ryuu\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-18] (BitTorrent, Inc.)
    HKU\Ryuu\...\Run: [Google Update] "C:\Users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-27] (Google Inc.)
    HKU\Ryuu\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3417496 2011-07-31] (Tonec Inc.)
    HKU\Ryuu\...\Policies\system: [LogonHoursAction] 2
    HKU\Ryuu\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Ryuu\...\Winlogon: [Shell] Explorer.exe
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll
    Startup: C:\Users\Ryuu\Start Menu\Programs\Startup\Facebook Messenger.lnk
    ShortcutTarget: Facebook Messenger.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
    3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
    4 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
    2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-12] (Akamai Technologies, Inc)
    4 Capture Device Service; "C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe" [198168 2007-03-05] (InterVideo Inc.)
    4 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360 2011-06-30] (Dritek System Inc.)
    4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
    4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-25] (Acer Incorporated)
    4 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 MSSQL$DRAGONICA; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\sqlservr.exe" -sDRAGONICA [43040096 2011-06-17] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    4 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
    4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-28] ()
    4 SQLAgent$DRAGONICA; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\SQLAGENT.EXE" -I DRAGONICA [370016 2011-06-17] (Microsoft Corporation)
    4 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)
    4 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [265928 2011-12-02] (SpeedBit Ltd.)
    4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-23] ()

    ========================== Drivers (Whitelisted) =============

    3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-06] (LG Electronics Inc.)
    3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-06] (LG Electronics Inc.)
    3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-06] (LG Electronics Inc.)
    3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-06] (LG Electronics Inc.)
    3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
    3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
    3 appliand; C:\Windows\System32\Drivers\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    3 b57xdbd; C:\Windows\System32\Drivers\b57xdbd.sys [67624 2011-01-20] (Broadcom Corporation)
    3 b57xdmp; C:\Windows\System32\Drivers\b57xdmp.sys [19496 2011-01-20] (Broadcom Corporation)
    3 bScsiMSa; C:\Windows\System32\Drivers\bScsiMSa.sys [51240 2011-05-16] (Broadcom Corporation)
    3 bScsiSDa; C:\Windows\System32\Drivers\bScsiSDa.sys [86056 2011-05-06] (Broadcom Corporation)
    3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2011-11-30] (DT Soft Ltd)
    2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [145008 2011-07-06] (Tonec Inc.)
    3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
    4 MySQL; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.5\my.ini" MySQL [8919 2012-05-09] ()
    2 npf; C:\Windows\System32\Drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
    3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2011-03-09] (NTI Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-20] (Duplex Secure Ltd.)
    3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [513824 2011-07-31] ()
    3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2011-03-09] (NTI Corporation)
    1 aalobgfe; \??\C:\Windows\system32\drivers\aalobgfe.sys [x]
    4 bdselfpr; [x]
    3 dump_wmimmc; [x]
    3 EagleX64; [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    2 RelevantKnowledge; [x]
    3 wolf; [x]
    1 wxutdbmc; \??\C:\Windows\system32\drivers\wxutdbmc.sys [x]
    3 X6va005; [x]
    3 xsherlock; C:\Windows\system32\xsherlock.xem [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-29 08:00 - 2012-07-29 08:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C93AB17FCC9803A1
    2012-07-29 08:00 - 2012-07-29 08:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpfwysoc.sys
    2012-07-29 07:45 - 2012-07-29 07:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.708E78416D21F6C8
    2012-07-29 00:53 - 2012-07-29 00:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7CF3CBC5CBD25884
    2012-07-29 00:47 - 2012-07-29 00:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B70D5861D85AD664
    2012-07-29 00:42 - 2012-07-29 00:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.705B55BB93B186F1
    2012-07-28 22:31 - 2012-07-28 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B25ED5FF07112164
    2012-07-28 22:29 - 2012-07-28 22:29 - 00002902 ____A C:\Windows\PFRO.log
    2012-07-28 22:16 - 2012-07-28 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABD0E22A81008886
    2012-07-28 22:10 - 2012-07-28 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04DD8A8E342C08BB
    2012-07-28 22:01 - 2012-07-28 22:01 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-28 22:01 - 2012-07-02 21:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-28 21:54 - 2012-07-28 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66F487C048984A95
    2012-07-28 20:36 - 2012-07-28 20:36 - 00000000 ____D C:\FRST
    2012-07-28 15:29 - 2012-07-28 15:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.869D5BCC9E8E983A
    2012-07-28 04:28 - 2012-07-28 04:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.38BB1D571143E4D0
    2012-07-28 04:23 - 2012-07-29 07:58 - 00000728 ____A C:\Windows\setupact.log
    2012-07-28 04:23 - 2012-07-28 04:23 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-28 01:52 - 2012-07-28 22:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 01:52 - 2012-07-28 01:52 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\Malwarebytes
    2012-07-28 01:52 - 2012-07-28 01:52 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-28 01:34 - 2012-07-28 20:07 - 00000000 ____D C:\d51ee645f6d2af991e9c9d0cf0e4
    2012-07-28 01:34 - 2012-07-28 01:34 - 00426163 ____A C:\Users\Ryuu\Downloads\Windows6.1-KB976586-x86_2.msu
    2012-07-28 01:33 - 2012-07-28 01:33 - 00426163 ____A C:\Users\Ryuu\Downloads\Windows6.1-KB976586-x86.msu
    2012-07-28 01:20 - 2012-07-28 20:07 - 00000000 ____D C:\4e4dd3ab32a9b8fe7501dbe8dbd4f4
    2012-07-28 01:19 - 2012-07-28 01:21 - 282001408 ____A C:\Users\Ryuu\Downloads\kav_rescue_10_2.iso
    2012-07-28 00:46 - 2012-07-28 00:46 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\Systweak
    2012-07-28 00:45 - 2012-07-28 20:07 - 00000000 ____D C:\Program Files (x86)\Advanced System Optimizer 3
    2012-07-28 00:45 - 2012-07-28 00:45 - 00000000 ____D C:\Users\Ryuu\Desktop\SPC_Report
    2012-07-28 00:38 - 2012-07-28 20:07 - 00000000 ____D C:\Users\Ryuu\Desktop\Advanced System Optimizer 3.2.648.11676 (32+64 bit) + Multilingual + SERIAL KEY
    2012-07-28 00:36 - 2012-07-28 00:38 - 12061016 ____A C:\Users\Ryuu\Downloads\Advanced System Optimizer 3.2.648.11676 (32+64 bit) + Multilingual + SERIAL KEY.rar
    2012-07-27 23:55 - 2012-07-27 23:55 - 00000123 ____A C:\Users\Ryuu\Desktop\Microsoft Fix it.url
    2012-07-27 23:53 - 2012-07-27 23:53 - 00347424 ____A (Microsoft Corporation) C:\Users\Ryuu\Downloads\MicrosoftFixit.WindowsFirewall.RNP.15626689280230514.1.1.Run.exe
    2012-07-27 23:51 - 2012-07-27 23:54 - 00003221 ____A C:\Windows\WindowsUpdate.log
    2012-07-27 23:51 - 2012-07-27 23:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-27 23:51 - 2012-07-27 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-27 23:50 - 2012-07-27 23:51 - 12621696 ____A (Microsoft Corporation) C:\Users\Ryuu\Downloads\mseinstall.exe
    2012-07-27 23:49 - 2012-07-27 23:49 - 00201030 ____A C:\Users\Ryuu\Downloads\lspfix.zip
    2012-07-27 19:09 - 2012-07-27 19:42 - 585384918 ____A C:\Users\Ryuu\Downloads\[HorribleSubs] Fairy Tail - 141 [1080p].mkv
    2012-07-27 02:51 - 2012-07-27 02:51 - 00000950 ____A C:\Users\Public\Desktop\Alcohol 120%.lnk
    2012-07-27 02:41 - 2012-07-29 00:51 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
    2012-07-27 02:41 - 2012-07-27 02:51 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
    2012-07-27 02:41 - 2012-07-27 02:41 - 00739856 ____A (Google Inc.) C:\Users\Ryuu\Downloads\ChromeSetup.exe
    2012-07-27 02:34 - 2012-07-27 02:34 - 00980480 ____A C:\Users\Ryuu\Downloads\MicrosoftFixit50267.msi
    2012-07-26 21:10 - 2012-07-26 21:10 - 00000000 ____A C:\Windows\SysWOW64\shoC467.tmp
    2012-07-26 20:43 - 2012-07-26 21:16 - 553837264 ____A C:\Users\Ryuu\Downloads\[HorribleSubs] Naruto Shippuuden - 271 [1080p].mkv
    2012-07-26 20:22 - 2012-07-26 20:23 - 10198728 ____A (Adobe Systems Incorporated) C:\Users\Ryuu\Downloads\flashplayer11-4_p1_install_win_pi_071612.exe
    2012-07-26 04:09 - 2012-07-26 04:09 - 00000000 ____D C:\Users\Mike\AppData\Local\{9848E4D9-E6BA-43AE-8509-D95A92F78A2A}
    2012-07-26 04:09 - 2012-07-26 04:09 - 00000000 ____D C:\Users\Mike\AppData\Local\{54EF4436-78A2-424C-A27C-22A622D64C27}
    2012-07-26 01:33 - 2012-07-26 01:35 - 00000000 ____D C:\Users\Ryuu\Downloads\ESET NOD32 Smart Security v5.0.93.7 Final (x86 & x64)
    2012-07-25 23:04 - 2012-07-25 23:26 - 00000000 ____D C:\Users\Ryuu\Downloads\The.Karate.Kid.2010.DVDRip.XviD-TDM.[UsaBit.com]
    2012-07-25 22:57 - 2012-07-25 22:59 - 00000000 ____D C:\Users\Ryuu\Downloads\Hancock[2008]DvDrip-aXXo
    2012-07-25 07:28 - 2012-07-25 07:28 - 00000000 ____A C:\Windows\SysWOW64\shoCA95.tmp
    2012-07-25 01:39 - 2012-07-25 01:40 - 00000000 ____D C:\Users\Mike\AppData\Local\{0CBEC15D-A26E-46F0-A439-8B668A5A584E}
    2012-07-25 01:39 - 2012-07-25 01:39 - 00000000 ____D C:\Users\Mike\AppData\Local\{744B44C2-9764-48D8-B1D6-17DE62A5F7A5}
    2012-07-25 00:27 - 2012-07-25 00:27 - 00003352 ____N C:\bootsqm.dat
    2012-07-24 06:50 - 2012-07-25 22:49 - 00000000 ____D C:\Users\Ryuu\Downloads\I.Am.Legend[2007]DvDrip[Eng]-aXXo
    2012-07-24 06:39 - 2012-07-29 00:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-24 06:39 - 2012-07-24 06:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-24 06:39 - 2012-07-24 06:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-24 06:38 - 2012-07-24 06:38 - 09822920 ____A (Adobe Systems Incorporated) C:\Users\Ryuu\Downloads\install_flash_player.exe
    2012-07-24 03:21 - 2012-07-24 03:21 - 00063886 ____A C:\Users\Mike\Downloads\TOTALLYBOREED
    2012-07-23 22:30 - 2012-07-23 22:30 - 00000000 ____D C:\Users\Mike\AppData\Local\{8D658D3E-048C-44AD-ABAA-711775EE882C}
    2012-07-23 22:30 - 2012-07-23 22:30 - 00000000 ____D C:\Users\Mike\AppData\Local\{5161F28F-5A4A-4280-B11B-D857B0E81C1A}
    2012-07-23 21:26 - 2012-07-23 21:26 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-07-23 21:25 - 2012-07-05 06:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-23 21:25 - 2012-07-05 06:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-23 21:24 - 2012-07-23 21:25 - 06723616 ____A (Adobe Systems Inc.) C:\Users\Ryuu\Downloads\Shockwave_Installer_Slim.exe
    2012-07-23 21:24 - 2012-07-23 21:24 - 00893936 ____A (Oracle Corporation) C:\Users\Ryuu\Downloads\jxpiinstall.exe
    2012-07-23 21:02 - 2012-07-23 21:02 - 00650240 ____A C:\Users\Ryuu\Downloads\MicrosoftFixit50199.msi
    2012-07-23 20:56 - 2012-07-23 20:56 - 00641253 ____A C:\Users\Ryuu\Downloads\ ??????????? (SAO) [Crossing field].mp4
    2012-07-23 01:16 - 2012-07-23 01:16 - 07275072 ____A (Dark Byte ) C:\Users\Ryuu\Downloads\CheatEngine62.exe
    2012-07-23 01:16 - 2012-07-23 01:16 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2
    2012-07-23 01:15 - 2012-07-16 01:07 - 00099328 ____A C:\Users\Ryuu\Desktop\Trainer.EXE
    2012-07-23 01:14 - 2012-07-23 01:14 - 00062345 ____A C:\Users\Ryuu\Downloads\YS Origin STEAM Update 3 +6 Trainer.rar
    2012-07-23 00:22 - 2012-07-23 00:22 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\FALCOM
    2012-07-23 00:20 - 2012-07-23 00:20 - 00001261 ____A C:\Users\Ryuu\Downloads\Ys Origin.CT
    2012-07-23 00:19 - 2012-07-23 00:19 - 00011366 ____A C:\Users\Ryuu\Downloads\YSO_Mini_Image.rar
    2012-07-23 00:19 - 2007-10-07 08:32 - 00831488 ____A C:\Users\Ryuu\Desktop\YSO_Mini_Image.iso
    2012-07-23 00:17 - 2007-03-14 05:33 - 00000000 ____D C:\Users\Ryuu\Desktop\yso_1100
    2012-07-22 23:53 - 2012-07-22 23:53 - 00000000 ____D C:\Users\All Users\RELOADED
    2012-07-22 23:51 - 2012-07-22 23:51 - 00000790 ____A C:\Users\Public\Desktop\Ys Origin.lnk
    2012-07-22 23:50 - 2012-07-22 23:53 - 00000000 ____D C:\Program Files (x86)\Ys Origin
    2012-07-22 02:48 - 2012-07-22 02:48 - 00000000 ____D C:\Users\Mike\AppData\Local\{C61B5BA8-BED9-4BA5-A82A-92B12C2FEFB4}
    2012-07-22 02:47 - 2012-07-22 02:48 - 00000000 ____D C:\Users\Mike\AppData\Local\{17E23103-E7DF-4588-95D8-18142A052C03}
    2012-07-21 23:31 - 2012-07-22 23:50 - 00000000 ____D C:\Users\Ryuu\Desktop\Patch
    2012-07-21 23:31 - 2010-02-10 11:08 - 00001068 ____A C:\Users\Ryuu\Desktop\Instructions.txt
    2012-07-21 22:31 - 2012-07-21 23:53 - 00000000 ____D C:\Users\Ryuu\Desktop\Company of heroes image
    2012-07-21 07:32 - 2012-07-21 07:32 - 00000000 ____D C:\Users\Mike\AppData\Local\Activision
    2012-07-21 05:58 - 2012-07-21 05:58 - 00000000 ____D C:\Users\Mike\AppData\Local\{343DFACB-6D68-4544-8F9D-C2C95D5A4D8C}
    2012-07-21 05:58 - 2012-07-21 05:58 - 00000000 ____D C:\Users\Mike\AppData\Local\{18902BDE-E91B-47E0-90D2-227DF51529B8}
    2012-07-21 04:36 - 2012-07-21 04:36 - 00005532 ____A C:\Users\Ryuu\Downloads\777 We can sing a song~ lyrics.txt
    2012-07-21 01:24 - 2012-07-21 01:24 - 00073622 ____A C:\Users\Ryuu\Downloads\bws-0637.rar
    2012-07-21 01:24 - 2010-11-11 17:14 - 00412672 ____A C:\Users\Ryuu\Desktop\bw-codbo.exe
    2012-07-21 01:24 - 2010-11-11 02:58 - 00011057 ____A C:\Users\Ryuu\Desktop\BReWErS.nfo
    2012-07-21 01:21 - 2012-07-21 01:21 - 00000000 ____D C:\Users\Ryuu\AppData\Local\Activision
    2012-07-21 01:00 - 2012-07-21 01:00 - 00002214 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
    2012-07-21 01:00 - 2012-07-21 01:00 - 00002200 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
    2012-07-21 00:55 - 2012-07-21 00:59 - 00000000 ____D C:\Users\Ryuu\Downloads\Call Of Duty Black Ops Updates 1-2-3-4-5-6 + Cracks {HotIce}
    2012-07-21 00:52 - 2012-07-21 00:52 - 00000000 ____D C:\Users\Ryuu\Downloads\(PC) Call of Duty Black Ops + crack (SKIDROW)
    2012-07-21 00:17 - 2012-07-21 00:18 - 03791728 ____A C:\Users\Ryuu\Downloads\BlackOps_by_GradenT_[Update_5-6]_[+23].rar
    2012-07-21 00:13 - 2010-12-17 08:13 - 68058032 ____A ( ) C:\Users\Ryuu\Downloads\Call.of.Duty.Black.Ops.Update.4.exe
    2012-07-21 00:13 - 2010-12-17 08:13 - 00019625 ____A C:\Users\Ryuu\Downloads\skidrow.nfo
    2012-07-21 00:13 - 2010-12-17 08:13 - 00000000 ____D C:\Users\Ryuu\Downloads\SKIDROW
    2012-07-20 23:47 - 2010-11-13 03:09 - 00000000 ____D C:\Users\Ryuu\Downloads\sr-cod71-Mbb
    2012-07-20 23:46 - 2010-12-01 05:06 - 00000000 ____D C:\Users\Ryuu\Downloads\sr-cod723-Mbb
    2012-07-20 23:42 - 2012-07-21 00:03 - 00000000 ____D C:\Users\Ryuu\Downloads\Call.of.Duty.Black.Ops.Update.4.Read.Nfo-SKIDROW
    2012-07-20 23:42 - 2012-07-20 23:50 - 00000000 ____D C:\Users\Ryuu\Downloads\Call.of.Duty.Black.Ops.Update.5.and.6-SKIDROW [ALEX]
    2012-07-20 23:40 - 2012-07-20 23:44 - 15809643 ____A C:\Users\Ryuu\Downloads\sr-cod723-Mbb.rar
    2012-07-20 23:40 - 2012-07-20 23:44 - 14468514 ____A C:\Users\Ryuu\Downloads\sr-cod71-Mbb.rar
    2012-07-20 23:11 - 2012-07-20 23:11 - 00000000 ____D C:\Program Files (x86)\Activision
    2012-07-20 22:47 - 2010-11-09 01:09 - 3523459072 ____A C:\Users\Ryuu\Desktop\sr-codbo.iso
    2012-07-20 08:48 - 2012-07-27 20:12 - 00001211 ____A C:\Users\Ryuu\Documents\ax_files.xml
    2012-07-20 04:03 - 2012-07-20 04:03 - 00000000 ____D C:\Users\Mike\AppData\Local\Wondershare
    2012-07-20 03:27 - 2012-07-28 20:22 - 00000000 ____D C:\Users\Ryuu\Desktop\Company of heroes trainer
    2012-07-20 01:57 - 2012-07-20 01:57 - 00000000 ____D C:\Users\Ryuu\Downloads\Company of Heroes Tales of Valor [Uploaded By SunShine®]
    2012-07-20 01:55 - 2012-07-28 20:22 - 00000000 ____D C:\Program Files (x86)\smartdl
    2012-07-20 01:55 - 2012-07-20 01:55 - 00000000 ____D C:\Program Files (x86)\TorrentSearch
    2012-07-20 01:54 - 2012-07-20 01:54 - 00191444 ____A C:\Users\Ryuu\Downloads\COMPANY_OF_HEROES_TALES_OF_VALOR_MEGA_TRAINER_2_602_rar.exe
    2012-07-20 01:53 - 2012-07-20 01:53 - 00009324 ___RA C:\Users\Ryuu\RelicCOH_TOV_v2602.CT
    2012-07-20 01:50 - 2012-07-20 01:50 - 03020105 ____A C:\Users\Ryuu\Downloads\Company_of_Heroes_-_ToV_v2.602_+_9_Trainer.rar
    2012-07-20 01:43 - 2012-07-20 01:43 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
    2012-07-20 01:37 - 2012-07-20 01:37 - 00834544 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
    2012-07-20 01:36 - 2012-07-20 01:36 - 00000000 ____D C:\Users\Ryuu\Downloads\Alcohol 120 v2.0.0.1331+Patch(Works with w7) [ kk ]
    2012-07-20 01:32 - 2012-07-20 01:32 - 02416536 ____A C:\Users\Ryuu\Downloads\Company_of_Heroes_Tales_of_Valor_NoCDNoDVD_[2.602].7z
    2012-07-20 01:20 - 2012-07-20 01:20 - 00290128 ____A C:\Users\Ryuu\Downloads\Ys.Origins-RELOADED_PublicHD.exe
    2012-07-20 00:38 - 2009-04-11 01:27 - 00001659 ____A C:\Users\Ryuu\Desktop\NS-TOV_DC-poseden.nfo
    2012-07-20 00:30 - 2012-07-20 00:56 - 164254690 ____A C:\Users\Ryuu\Downloads\EN_2601_2602_Patch.exe
    2012-07-20 00:28 - 2012-07-20 00:56 - 28143440 ____A C:\Users\Ryuu\Downloads\EN_2600_2601_Patch.exe
    2012-07-19 23:59 - 2009-07-13 11:25 - 00000000 ____D C:\Users\Ryuu\validators
    2012-07-19 23:59 - 2009-07-09 19:10 - 00001349 ____A C:\Users\Ryuu\readme.txt
    2012-07-19 23:59 - 2009-07-09 18:40 - 09267008 ____A (THQ Canada Inc.) C:\Users\Ryuu\RelicCOH.exe
    2012-07-19 23:04 - 2012-07-19 23:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
    2012-07-19 23:04 - 2012-07-19 23:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
    2012-07-19 07:37 - 2012-07-19 07:39 - 00000000 ____D C:\Users\Ryuu\Downloads\Company Of Heroes Tales Of Valor Crack Only - RELOADED
    2012-07-19 07:02 - 2012-07-19 23:09 - 00000000 ____D C:\Users\Ryuu\Downloads\Call.of.Duty.Black.Ops-SKIDROW
    2012-07-19 06:23 - 2012-07-19 06:24 - 47593217 ____A C:\Users\Ryuu\Downloads\EN_2502_2600_Patch.exe
    2012-07-19 06:22 - 2012-07-19 06:24 - 32765297 ____A C:\Users\Ryuu\Downloads\EN_2501_2502_Patch.exe
    2012-07-19 03:37 - 2012-07-19 03:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-19 03:15 - 2012-07-19 03:19 - 112496474 ____A C:\Users\Ryuu\Downloads\EN_2500_2501_Patch.exe
    2012-07-19 02:51 - 2012-07-19 03:09 - 00000000 ____D C:\Users\Ryuu\Downloads\Crack
    2012-07-18 08:12 - 2012-07-28 20:22 - 00000000 ____D C:\Users\Ryuu\Downloads\TuneUp.Utilities.2012.v12.0.2160.13.Incl.Keymaker-CORE
    2012-07-18 02:36 - 2012-07-18 02:36 - 00007014 ____A C:\Users\Ryuu\Downloads\SpecOpsTheLine_v10.CT
    2012-07-18 01:52 - 2012-06-26 12:32 - 18679808 ____A (Take-Two Interactive Software, Inc.) C:\Users\Ryuu\SpecOpsTheLine.exe
    2012-07-18 01:52 - 2012-06-26 12:32 - 00359424 ____A (SKIDROW) C:\Users\Ryuu\Steamclient.dll
    2012-07-18 01:52 - 2012-06-26 12:32 - 00124296 ____A (Valve Corporation) C:\Users\Ryuu\steam_api.dll
    2012-07-18 01:50 - 2012-07-18 01:50 - 00000000 __SHD C:\Windows\ftpcache
    2012-07-18 01:47 - 2012-07-18 01:47 - 00002448 ____A C:\Users\Ryuu\Desktop\Spec Ops The Line.lnk
    2012-07-18 01:47 - 2012-07-18 01:47 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\Spec Ops The Line
    2012-07-18 01:39 - 2012-07-19 03:33 - 00000000 ____D C:\Users\Ryuu\Desktop\Patches
    2012-07-18 01:19 - 2012-07-18 01:19 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
    2012-07-17 07:43 - 2012-07-17 07:43 - 00000000 ____D C:\Users\Ryuu\Downloads\Xilisoft Video Converter Platinum 7.3.0.20120529 + Serial
    2012-07-17 07:15 - 2012-07-27 06:10 - 47692675 ____A C:\Users\Ryuu\Downloads\xivico7.3.zip
    2012-07-16 05:27 - 2012-07-16 05:27 - 00000000 ____A C:\Windows\SysWOW64\sho29FA.tmp
    2012-07-16 02:39 - 2012-07-16 02:53 - 00000000 ____D C:\Users\Ryuu\Documents\Wondershare Video Converter Ultimate
    2012-07-16 02:39 - 2012-07-16 02:39 - 00001419 ____A C:\Users\Ryuu\Desktop\Wondershare Video Converter Ultimate.lnk
    2012-07-16 02:39 - 2012-07-16 02:39 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\Wondershare Video Converter Ultimate
    2012-07-16 02:39 - 2012-07-16 02:39 - 00000000 ____D C:\Users\Ryuu\AppData\Local\Wondershare
    2012-07-16 02:38 - 2012-07-16 02:38 - 00000000 ____D C:\Users\Ryuu\Downloads\Wondershare.Video.Converter.Ultimate.v5.7.5.Incl.Keygen-Lz0
    2012-07-15 17:03 - 2012-07-15 17:03 - 00184891 ____A C:\torrent.exe
    2012-07-14 08:47 - 2012-07-14 08:47 - 00000000 ____D C:\Users\Mike\Documents\ArcaniA - Gothic 4
    2012-07-14 05:11 - 2012-07-14 08:47 - 00000000 ____D C:\Users\Mike\AppData\Roaming\NVIDIA
    2012-07-14 04:42 - 2012-07-14 04:42 - 00000000 ____D C:\Users\Mike\AppData\Local\{DAE40D97-A3F0-48C5-8EF4-340ECF9B12A3}
    2012-07-14 04:41 - 2012-07-14 04:42 - 00000000 ____D C:\Users\Mike\AppData\Local\{800D2AF3-81CC-4AF7-B455-E164E9A421E2}
    2012-07-14 02:33 - 2012-07-17 11:03 - 2009704706 ____A C:\Users\Ryuu\Downloads\Company Of Heroes (2006) + CoH - Opposing Fronts (2007).rar
    2012-07-14 01:22 - 2012-07-14 02:23 - 00000000 ____D C:\Users\Ryuu\Documents\ArcaniA - Gothic 4
    2012-07-13 21:27 - 2012-07-15 00:35 - 00000000 ____D C:\Program Files (x86)\JoWooD Entertainment AG
    2012-07-13 16:41 - 2012-07-13 16:41 - 00000000 ____D C:\Users\Mike\AppData\Local\{9842B7B9-6B09-41DF-B9E8-786DE7BF94F1}
    2012-07-13 16:41 - 2012-07-13 16:41 - 00000000 ____D C:\Users\Mike\AppData\Local\{3A725E55-99FB-49B0-834D-6D33B9739679}
    2012-07-13 07:42 - 2012-07-13 07:42 - 00000000 __RHD C:\Users\Ryuu\AppData\Roaming\SecuROM
    2012-07-13 03:16 - 2012-07-13 03:16 - 00000000 ____A C:\Windows\SysWOW64\sho933A.tmp
    2012-07-13 02:47 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-13 02:42 - 2012-07-13 02:43 - 00000000 ____D C:\Users\Mike\AppData\Local\{9161B958-5EC3-4E27-9386-D79944872708}
    2012-07-13 02:42 - 2012-07-13 02:42 - 00000000 ____D C:\Users\Mike\AppData\Local\{A0213D9D-0D37-43DE-A26D-22344FDEE598}
    2012-07-13 02:41 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-13 02:41 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-13 02:41 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-13 02:41 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-13 02:41 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-13 02:41 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-13 02:41 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-13 02:41 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-13 02:41 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-13 02:41 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-13 02:41 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-13 02:41 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-13 02:41 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-13 02:41 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-13 02:41 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-13 02:41 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-13 02:41 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-13 02:41 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-13 02:41 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-13 02:41 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-13 02:41 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-13 02:41 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-13 02:41 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-13 02:41 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-13 02:41 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-13 02:40 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-13 02:40 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-13 02:40 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-13 02:35 - 2012-07-13 03:18 - 00000000 ____D C:\Windows\SysWOW64\NV
    2012-07-13 02:35 - 2012-07-13 03:18 - 00000000 ____D C:\Windows\System32\NV
    2012-07-12 07:36 - 2012-07-12 07:36 - 00659211 ____A C:\Users\Ryuu\Downloads\RelicCOH.CT
    2012-07-12 06:25 - 2012-07-13 02:35 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-07-12 06:25 - 2012-07-12 06:25 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-12 06:25 - 2012-05-15 01:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-07-12 06:25 - 2012-05-15 01:29 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-07-12 06:25 - 2012-05-15 01:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-07-12 06:25 - 2012-05-15 01:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-07-12 06:25 - 2012-05-15 01:29 - 00858944 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
    2012-07-12 06:25 - 2012-05-15 01:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-07-12 06:25 - 2012-05-15 01:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-07-12 06:25 - 2012-05-15 01:29 - 00055616 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
    2012-07-12 06:25 - 2012-05-15 01:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-07-12 06:25 - 2012-05-11 23:22 - 00000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2008
    2012-07-12 06:25 - 2012-05-11 23:20 - 00000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2005
    2012-07-12 06:25 - 2012-05-11 23:20 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
    2012-07-12 06:24 - 2012-07-12 06:24 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
    2012-07-12 06:24 - 2012-05-15 02:48 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-07-12 06:24 - 2012-05-15 02:48 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-07-12 06:18 - 2012-05-15 02:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-07-12 06:18 - 2012-05-15 02:48 - 00028992 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
    2012-07-12 06:18 - 2012-05-15 02:48 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-07-12 04:52 - 2012-07-12 04:52 - 00000000 ____D C:\Users\Mike\AppData\Local\{361641CC-DA41-4980-8A0C-ED2E519EFC5D}
    2012-07-12 04:52 - 2012-07-12 04:52 - 00000000 ____D C:\Users\Mike\AppData\Local\{18D2B928-7F9E-442F-9205-CDA5BA7694CB}
    2012-07-12 04:23 - 2012-07-12 04:23 - 00003120 ____A C:\Windows\SysWOW64\ALLFSAF8a.ocx
    2012-07-12 04:23 - 2012-07-12 04:23 - 00002114 ____A C:\Users\Public\Desktop\LayOut 3.lnk
    2012-07-12 04:23 - 2012-07-12 04:23 - 00002029 ____A C:\Users\Public\Desktop\Google SketchUp 8.lnk
    2012-07-12 04:19 - 2012-07-28 20:22 - 00000000 ____D C:\Users\Ryuu\Downloads\Google Sketchup 8 with Keygen
    2012-07-12 03:15 - 2012-07-12 05:31 - 00000000 ____D C:\Users\Ryuu\Downloads\????@????@????[ONED-136]
    2012-07-10 22:55 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 22:55 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 22:55 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 22:55 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 22:55 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 22:55 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 22:55 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 22:55 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 22:54 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 22:54 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 22:54 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 22:54 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 22:54 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 22:54 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 22:54 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 22:54 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 22:54 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 22:54 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 22:54 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 07:04 - 2012-07-10 07:04 - 298992036 ____A C:\Users\Ryuu\Downloads\EX-ANL.mp4
    2012-07-09 02:45 - 2007-12-28 21:58 - 23755200 ____A C:\Users\Ryuu\Downloads\Company of Heroes.iso
    2012-07-07 23:50 - 2012-07-07 23:50 - 00000000 ____D C:\Users\Mike\AppData\Local\{5D1701F2-79AA-4D47-94FE-9488C5352CFF}
    2012-07-07 23:50 - 2012-07-07 23:50 - 00000000 ____D C:\Users\Mike\AppData\Local\{4C12E2F4-07BF-464F-B221-FA16DDAB4095}
    2012-07-07 08:28 - 2012-07-07 08:28 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-07-07 05:34 - 2010-04-02 19:51 - 00073568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$DRAGONICA-sqlctr10.51.2500.0.dll
    2012-07-07 05:32 - 2012-07-07 05:32 - 00000000 ____D C:\Users\Mike\AppData\Local\{50A3E4E4-48C5-4773-8581-CA72831FC400}
    2012-07-07 05:32 - 2012-07-07 05:32 - 00000000 ____D C:\Users\Mike\AppData\Local\{03C474F3-F851-40F6-A588-EE00BD6F86D5}
    2012-07-07 05:02 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-07-07 05:02 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-07-07 04:47 - 2012-07-07 04:47 - 00000000 ____D C:\Program Files (x86)\THQ
    2012-07-06 02:29 - 2012-07-06 02:29 - 00000000 ____D C:\Users\Mike\AppData\Local\{F41B1A50-BAB2-47A0-A278-890972A3262D}
    2012-07-06 02:29 - 2012-07-06 02:29 - 00000000 ____D C:\Users\Mike\AppData\Local\{347CA914-7402-4971-99C8-6312B8E21DD6}
    2012-07-06 00:24 - 2012-07-06 00:24 - 00000000 ____D C:\Users\Mike\AppData\Local\{D5A16A4D-C97D-4236-AA98-F84A04631A2F}
    2012-07-04 01:12 - 2012-07-04 01:12 - 00000000 ____A C:\Windows\SysWOW64\sho456C.tmp
    2012-07-03 21:15 - 2012-07-03 21:15 - 00000000 ____D C:\Users\Mike\AppData\Local\{9333AC1F-D027-45BF-BD23-C4C06017B527}
    2012-07-03 21:13 - 2012-07-03 21:15 - 00000000 ____D C:\Users\Mike\AppData\Local\{7E9D2A0D-09A9-4ED2-8855-21BE27730916}
    2012-07-01 00:42 - 2012-07-01 00:43 - 00000000 ____D C:\Users\Mike\AppData\Local\{3A15D7AC-E1FF-4D86-9BF7-9C9A486482D0}
    2012-07-01 00:42 - 2012-07-01 00:42 - 00000000 ____D C:\Users\Mike\AppData\Local\{6EBD30FC-A9C1-41C0-8BDE-F199B901448D}
    2012-06-30 04:25 - 2012-06-30 04:25 - 00000000 ____D C:\Users\Mike\AppData\Local\{D3B5A1EA-0DDB-4752-8A79-92A5CBF47AD1}
    2012-06-30 04:24 - 2012-06-30 04:25 - 00000000 ____D C:\Users\Mike\AppData\Local\{6BCCD5BE-DFF7-48FE-B3AD-B6200264B657}
    2012-06-30 04:04 - 2012-06-30 04:04 - 00000000 ____A C:\Windows\SysWOW64\sho7BBD.tmp
  9. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    ============ 3 Months Modified Files ========================

    2012-07-29 08:00 - 2012-07-29 08:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C93AB17FCC9803A1
    2012-07-29 08:00 - 2012-07-29 08:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpfwysoc.sys
    2012-07-29 07:58 - 2012-07-28 04:23 - 00000728 ____A C:\Windows\setupact.log
    2012-07-29 07:58 - 2011-11-22 00:33 - 00000408 ____A C:\Windows\Tasks\Final Media Player Update Checker.job
    2012-07-29 07:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-29 07:53 - 2009-07-13 21:13 - 00876922 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-29 07:45 - 2012-07-29 07:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.708E78416D21F6C8
    2012-07-29 07:42 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-29 07:42 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-29 00:53 - 2012-07-29 00:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7CF3CBC5CBD25884
    2012-07-29 00:51 - 2012-07-27 02:41 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
    2012-07-29 00:47 - 2012-07-29 00:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B70D5861D85AD664
    2012-07-29 00:44 - 2012-07-24 06:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-29 00:43 - 2009-07-13 21:08 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-29 00:42 - 2012-07-29 00:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.705B55BB93B186F1
    2012-07-28 22:31 - 2012-07-28 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B25ED5FF07112164
    2012-07-28 22:29 - 2012-07-28 22:29 - 00002902 ____A C:\Windows\PFRO.log
    2012-07-28 22:16 - 2012-07-28 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABD0E22A81008886
    2012-07-28 22:10 - 2012-07-28 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04DD8A8E342C08BB
    2012-07-28 22:01 - 2012-07-28 22:01 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-28 21:54 - 2012-07-28 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66F487C048984A95
    2012-07-28 15:29 - 2012-07-28 15:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.869D5BCC9E8E983A
    2012-07-28 04:28 - 2012-07-28 04:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.38BB1D571143E4D0
    2012-07-28 04:23 - 2012-07-28 04:23 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-28 04:10 - 2011-11-08 00:53 - 00125968 ____A C:\Users\Ryuu\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-28 01:34 - 2012-07-28 01:34 - 00426163 ____A C:\Users\Ryuu\Downloads\Windows6.1-KB976586-x86_2.msu
    2012-07-28 01:33 - 2012-07-28 01:33 - 00426163 ____A C:\Users\Ryuu\Downloads\Windows6.1-KB976586-x86.msu
    2012-07-28 01:21 - 2012-07-28 01:19 - 282001408 ____A C:\Users\Ryuu\Downloads\kav_rescue_10_2.iso
    2012-07-28 00:38 - 2012-07-28 00:36 - 12061016 ____A C:\Users\Ryuu\Downloads\Advanced System Optimizer 3.2.648.11676 (32+64 bit) + Multilingual + SERIAL KEY.rar
    2012-07-27 23:55 - 2012-07-27 23:55 - 00000123 ____A C:\Users\Ryuu\Desktop\Microsoft Fix it.url
    2012-07-27 23:54 - 2012-07-27 23:51 - 00003221 ____A C:\Windows\WindowsUpdate.log
    2012-07-27 23:54 - 2011-12-07 19:19 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-27 23:53 - 2012-07-27 23:53 - 00347424 ____A (Microsoft Corporation) C:\Users\Ryuu\Downloads\MicrosoftFixit.WindowsFirewall.RNP.15626689280230514.1.1.Run.exe
    2012-07-27 23:51 - 2012-07-27 23:50 - 12621696 ____A (Microsoft Corporation) C:\Users\Ryuu\Downloads\mseinstall.exe
    2012-07-27 23:51 - 2012-01-23 02:03 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
    2012-07-27 23:51 - 2011-11-19 23:06 - 00882768 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-27 23:49 - 2012-07-27 23:49 - 00201030 ____A C:\Users\Ryuu\Downloads\lspfix.zip
    2012-07-27 22:57 - 2011-12-23 08:06 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005UA.job
    2012-07-27 20:12 - 2012-07-20 08:48 - 00001211 ____A C:\Users\Ryuu\Documents\ax_files.xml
    2012-07-27 19:42 - 2012-07-27 19:09 - 585384918 ____A C:\Users\Ryuu\Downloads\[HorribleSubs] Fairy Tail - 141 [1080p].mkv
    2012-07-27 07:45 - 2011-11-18 18:11 - 00005344 ____A C:\Windows\SysWOW64\debug.log
    2012-07-27 06:10 - 2012-07-17 07:15 - 47692675 ____A C:\Users\Ryuu\Downloads\xivico7.3.zip
    2012-07-27 04:57 - 2011-12-23 08:06 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005Core.job
    2012-07-27 02:51 - 2012-07-27 02:51 - 00000950 ____A C:\Users\Public\Desktop\Alcohol 120%.lnk
    2012-07-27 02:51 - 2012-07-27 02:41 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
    2012-07-27 02:51 - 2012-01-23 02:03 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
    2012-07-27 02:41 - 2012-07-27 02:41 - 00739856 ____A (Google Inc.) C:\Users\Ryuu\Downloads\ChromeSetup.exe
    2012-07-27 02:34 - 2012-07-27 02:34 - 00980480 ____A C:\Users\Ryuu\Downloads\MicrosoftFixit50267.msi
    2012-07-26 21:16 - 2012-07-26 20:43 - 553837264 ____A C:\Users\Ryuu\Downloads\[HorribleSubs] Naruto Shippuuden - 271 [1080p].mkv
    2012-07-26 21:10 - 2012-07-26 21:10 - 00000000 ____A C:\Windows\SysWOW64\shoC467.tmp
    2012-07-26 20:24 - 2011-12-17 08:39 - 01851392 ____A C:\Users\Ryuu\Documents\MyCalendar.ecfx
    2012-07-26 20:23 - 2012-07-26 20:22 - 10198728 ____A (Adobe Systems Incorporated) C:\Users\Ryuu\Downloads\flashplayer11-4_p1_install_win_pi_071612.exe
    2012-07-26 20:04 - 2011-11-24 07:13 - 00000024 ____A C:\Windows\LogonStudio.ini
    2012-07-25 07:28 - 2012-07-25 07:28 - 00000000 ____A C:\Windows\SysWOW64\shoCA95.tmp
    2012-07-25 00:37 - 2012-02-28 05:27 - 00002411 ____A C:\Windows\SysWOW64\lgAxconfig.ini
    2012-07-25 00:27 - 2012-07-25 00:27 - 00003352 ____N C:\bootsqm.dat
    2012-07-24 06:39 - 2012-07-24 06:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-24 06:39 - 2012-07-24 06:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-24 06:38 - 2012-07-24 06:38 - 09822920 ____A (Adobe Systems Incorporated) C:\Users\Ryuu\Downloads\install_flash_player.exe
    2012-07-24 03:21 - 2012-07-24 03:21 - 00063886 ____A C:\Users\Mike\Downloads\TOTALLYBOREED
    2012-07-23 21:25 - 2012-07-23 21:24 - 06723616 ____A (Adobe Systems Inc.) C:\Users\Ryuu\Downloads\Shockwave_Installer_Slim.exe
    2012-07-23 21:25 - 2012-04-08 07:28 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-23 21:25 - 2012-04-08 07:28 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-23 21:24 - 2012-07-23 21:24 - 00893936 ____A (Oracle Corporation) C:\Users\Ryuu\Downloads\jxpiinstall.exe
    2012-07-23 21:02 - 2012-07-23 21:02 - 00650240 ____A C:\Users\Ryuu\Downloads\MicrosoftFixit50199.msi
    2012-07-23 20:56 - 2012-07-23 20:56 - 00641253 ____A C:\Users\Ryuu\Downloads\ ??????????? (SAO) [Crossing field].mp4
    2012-07-23 01:16 - 2012-07-23 01:16 - 07275072 ____A (Dark Byte ) C:\Users\Ryuu\Downloads\CheatEngine62.exe
    2012-07-23 01:14 - 2012-07-23 01:14 - 00062345 ____A C:\Users\Ryuu\Downloads\YS Origin STEAM Update 3 +6 Trainer.rar
    2012-07-23 00:20 - 2012-07-23 00:20 - 00001261 ____A C:\Users\Ryuu\Downloads\Ys Origin.CT
    2012-07-23 00:19 - 2012-07-23 00:19 - 00011366 ____A C:\Users\Ryuu\Downloads\YSO_Mini_Image.rar
    2012-07-22 23:51 - 2012-07-22 23:51 - 00000790 ____A C:\Users\Public\Desktop\Ys Origin.lnk
    2012-07-21 04:36 - 2012-07-21 04:36 - 00005532 ____A C:\Users\Ryuu\Downloads\777 We can sing a song~ lyrics.txt
    2012-07-21 01:24 - 2012-07-21 01:24 - 00073622 ____A C:\Users\Ryuu\Downloads\bws-0637.rar
    2012-07-21 01:00 - 2012-07-21 01:00 - 00002214 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
    2012-07-21 01:00 - 2012-07-21 01:00 - 00002200 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
    2012-07-21 00:18 - 2012-07-21 00:17 - 03791728 ____A C:\Users\Ryuu\Downloads\BlackOps_by_GradenT_[Update_5-6]_[+23].rar
    2012-07-20 23:44 - 2012-07-20 23:40 - 15809643 ____A C:\Users\Ryuu\Downloads\sr-cod723-Mbb.rar
    2012-07-20 23:44 - 2012-07-20 23:40 - 14468514 ____A C:\Users\Ryuu\Downloads\sr-cod71-Mbb.rar
    2012-07-20 01:54 - 2012-07-20 01:54 - 00191444 ____A C:\Users\Ryuu\Downloads\COMPANY_OF_HEROES_TALES_OF_VALOR_MEGA_TRAINER_2_602_rar.exe
    2012-07-20 01:53 - 2012-07-20 01:53 - 00009324 ___RA C:\Users\Ryuu\RelicCOH_TOV_v2602.CT
    2012-07-20 01:50 - 2012-07-20 01:50 - 03020105 ____A C:\Users\Ryuu\Downloads\Company_of_Heroes_-_ToV_v2.602_+_9_Trainer.rar
    2012-07-20 01:37 - 2012-07-20 01:37 - 00834544 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
    2012-07-20 01:32 - 2012-07-20 01:32 - 02416536 ____A C:\Users\Ryuu\Downloads\Company_of_Heroes_Tales_of_Valor_NoCDNoDVD_[2.602].7z
    2012-07-20 01:20 - 2012-07-20 01:20 - 00290128 ____A C:\Users\Ryuu\Downloads\Ys.Origins-RELOADED_PublicHD.exe
    2012-07-20 00:56 - 2012-07-20 00:30 - 164254690 ____A C:\Users\Ryuu\Downloads\EN_2601_2602_Patch.exe
    2012-07-20 00:56 - 2012-07-20 00:28 - 28143440 ____A C:\Users\Ryuu\Downloads\EN_2600_2601_Patch.exe
    2012-07-19 06:24 - 2012-07-19 06:23 - 47593217 ____A C:\Users\Ryuu\Downloads\EN_2502_2600_Patch.exe
    2012-07-19 06:24 - 2012-07-19 06:22 - 32765297 ____A C:\Users\Ryuu\Downloads\EN_2501_2502_Patch.exe
    2012-07-19 03:19 - 2012-07-19 03:15 - 112496474 ____A C:\Users\Ryuu\Downloads\EN_2500_2501_Patch.exe
    2012-07-18 02:36 - 2012-07-18 02:36 - 00007014 ____A C:\Users\Ryuu\Downloads\SpecOpsTheLine_v10.CT
    2012-07-18 01:47 - 2012-07-18 01:47 - 00002448 ____A C:\Users\Ryuu\Desktop\Spec Ops The Line.lnk
    2012-07-17 11:03 - 2012-07-14 02:33 - 2009704706 ____A C:\Users\Ryuu\Downloads\Company Of Heroes (2006) + CoH - Opposing Fronts (2007).rar
    2012-07-16 05:27 - 2012-07-16 05:27 - 00000000 ____A C:\Windows\SysWOW64\sho29FA.tmp
    2012-07-16 02:39 - 2012-07-16 02:39 - 00001419 ____A C:\Users\Ryuu\Desktop\Wondershare Video Converter Ultimate.lnk
    2012-07-16 01:07 - 2012-07-23 01:15 - 00099328 ____A C:\Users\Ryuu\Desktop\Trainer.EXE
    2012-07-16 00:21 - 2012-01-24 23:17 - 00086528 __ASH C:\Users\Ryuu\Documents\Thumbs.db
    2012-07-15 17:03 - 2012-07-15 17:03 - 00184891 ____A C:\torrent.exe
    2012-07-13 03:18 - 2009-07-13 20:45 - 00459728 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-13 03:16 - 2012-07-13 03:16 - 00000000 ____A C:\Windows\SysWOW64\sho933A.tmp
    2012-07-13 02:41 - 2011-12-05 09:54 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-12 07:36 - 2012-07-12 07:36 - 00659211 ____A C:\Users\Ryuu\Downloads\RelicCOH.CT
    2012-07-12 06:25 - 2012-07-12 06:25 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-12 04:23 - 2012-07-12 04:23 - 00003120 ____A C:\Windows\SysWOW64\ALLFSAF8a.ocx
    2012-07-12 04:23 - 2012-07-12 04:23 - 00002114 ____A C:\Users\Public\Desktop\LayOut 3.lnk
    2012-07-12 04:23 - 2012-07-12 04:23 - 00002029 ____A C:\Users\Public\Desktop\Google SketchUp 8.lnk
    2012-07-12 03:00 - 2012-04-19 04:00 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-07-10 07:04 - 2012-07-10 07:04 - 298992036 ____A C:\Users\Ryuu\Downloads\EX-ANL.mp4
    2012-07-07 22:09 - 2012-06-28 22:37 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-07 22:09 - 2011-12-06 02:25 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-07 08:28 - 2012-07-07 08:28 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-07-05 06:06 - 2012-07-23 21:25 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-05 06:06 - 2012-07-23 21:25 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-05 06:06 - 2011-11-08 22:37 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-04 01:12 - 2012-07-04 01:12 - 00000000 ____A C:\Windows\SysWOW64\sho456C.tmp
    2012-07-03 03:30 - 2011-12-06 02:25 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-02 21:46 - 2012-07-28 22:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-30 04:04 - 2012-06-30 04:04 - 00000000 ____A C:\Windows\SysWOW64\sho7BBD.tmp
    2012-06-28 21:54 - 2011-12-06 02:25 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-06-27 01:03 - 2012-06-27 01:03 - 00000000 ____A C:\Windows\SysWOW64\shoC66B.tmp
    2012-06-26 12:32 - 2012-07-18 01:52 - 18679808 ____A (Take-Two Interactive Software, Inc.) C:\Users\Ryuu\SpecOpsTheLine.exe
    2012-06-26 12:32 - 2012-07-18 01:52 - 00359424 ____A (SKIDROW) C:\Users\Ryuu\Steamclient.dll
    2012-06-26 12:32 - 2012-07-18 01:52 - 00124296 ____A (Valve Corporation) C:\Users\Ryuu\steam_api.dll
    2012-06-25 21:12 - 2012-06-25 21:12 - 00001164 ____A C:\Users\Ryuu\Desktop\PC Wizard 2012.lnk
    2012-06-22 04:38 - 2012-06-22 04:38 - 00002231 ____A C:\Users\Mike\Desktop\Fable - The Lost Chapters.lnk
    2012-06-22 04:38 - 2012-06-22 04:38 - 00002231 ____A C:\Users\Guest\Desktop\Fable - The Lost Chapters.lnk
    2012-06-22 02:49 - 2012-06-22 02:49 - 00001186 ____A C:\Users\Mike\Desktop\MID Converter 4.2.lnk
    2012-06-22 02:49 - 2012-06-22 02:49 - 00001186 ____A C:\Users\Guest\Desktop\MID Converter 4.2.lnk
    2012-06-21 00:37 - 2012-06-21 00:37 - 03166792 ____N C:\Windows\SysWOW64\pbsvc.exe
    2012-06-21 00:29 - 2012-06-21 00:29 - 00000000 ____A C:\Windows\SysWOW64\sho5254.tmp
    2012-06-20 07:38 - 2012-03-15 09:45 - 00001897 ____A C:\user.js
    2012-06-20 06:00 - 2012-06-20 06:00 - 00000000 ____A C:\Windows\SysWOW64\sho6748.tmp
    2012-06-19 18:11 - 2012-06-19 18:12 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-06-19 18:11 - 2012-06-19 18:12 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-06-19 18:11 - 2012-06-19 18:12 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-19 18:11 - 2012-06-19 18:12 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-19 18:11 - 2012-06-19 18:12 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-17 10:41 - 2012-06-17 10:41 - 00001241 ____A C:\Users\Ryuu\Desktop\AVS Video Converter.lnk
    2012-06-15 19:25 - 2012-06-15 19:25 - 00000000 ____A C:\Windows\SysWOW64\sho5BF6.tmp
    2012-06-15 17:04 - 2012-06-15 17:04 - 00000000 ____A C:\Windows\SysWOW64\sho40F7.tmp
    2012-06-15 16:42 - 2012-06-15 16:42 - 00001324 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
    2012-06-14 06:22 - 2012-06-14 05:47 - 00000023 ____A C:\Windows\BlendSettings.ini
    2012-06-12 10:22 - 2012-06-12 10:22 - 00000000 ____A C:\Windows\SysWOW64\sho4E24.tmp
    2012-06-11 19:08 - 2012-07-13 02:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 10:52 - 2012-06-11 10:52 - 00000000 ____A C:\Windows\SysWOW64\sho21D3.tmp
    2012-06-10 08:21 - 2012-06-10 08:21 - 00021504 ____A C:\Windows\jestertb.dll
    2012-06-08 21:43 - 2012-07-10 22:55 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 22:55 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-07 00:53 - 2012-06-07 00:53 - 00000000 ____A C:\Windows\SysWOW64\shoB6C2.tmp
    2012-06-05 22:06 - 2012-07-10 22:55 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 22:55 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 22:54 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 22:55 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 22:55 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 22:54 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-05 11:24 - 2012-06-05 11:24 - 00000000 ____A C:\Windows\SysWOW64\sho9A96.tmp
    2012-06-02 14:19 - 2012-06-18 18:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 18:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 18:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 18:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 18:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 18:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 18:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 10:46 - 2012-05-27 22:34 - 00000040 ___AH C:\Users\Ryuu\Desktop\x_acii_keys.xtr
    2012-06-02 04:49 - 2012-07-13 02:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-13 02:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-13 02:41 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-13 02:41 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-13 02:41 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-13 02:41 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-13 02:41 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-13 02:41 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-13 02:41 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-13 02:41 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-13 02:41 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-13 02:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-13 02:41 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-13 02:41 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-13 02:41 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-13 02:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-13 02:41 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-13 02:41 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-13 02:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-13 02:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-13 02:41 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-13 02:41 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-13 02:41 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-13 02:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-13 02:41 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-13 02:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-13 02:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-13 02:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 23:29 - 2012-06-01 23:29 - 00000000 ____A C:\Windows\SysWOW64\shoA952.tmp
    2012-06-01 23:19 - 2012-06-18 18:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 23:15 - 2012-06-18 18:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-10 22:54 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 22:54 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 22:54 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 22:54 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 22:54 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 22:54 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 22:54 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 22:54 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 22:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-30 20:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-30 10:16 - 2012-05-30 10:16 - 00000000 ____A C:\Windows\SysWOW64\shoEDD8.tmp
    2012-05-29 05:21 - 2012-04-03 03:42 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
    2012-05-28 07:38 - 2011-12-13 18:44 - 00000632 _RASH C:\Users\Ryuu\ntuser.pol
    2012-05-27 10:48 - 2012-05-27 10:48 - 00000000 ____A C:\Windows\SysWOW64\shoE7B0.tmp
    2012-05-26 04:54 - 2012-05-26 04:54 - 00000000 ____A C:\Windows\SysWOW64\sho7087.tmp
    2012-05-25 11:23 - 2012-05-25 11:23 - 00000000 ____A C:\Windows\SysWOW64\shoA67C.tmp
    2012-05-24 23:01 - 2012-05-24 23:01 - 00001683 ____A C:\Users\Public\Desktop\Dragon Nest.lnk
    2012-05-19 23:06 - 2012-05-19 23:06 - 00000000 ____A C:\Windows\SysWOW64\sho3109.tmp
    2012-05-19 22:15 - 2012-05-19 22:15 - 00661600 ____A (Wellbia.com Co., Ltd.) C:\Windows\SysWOW64\xsherlock.xem
    2012-05-17 20:33 - 2012-05-17 20:33 - 00000387 ___AH C:\IPH.PH
    2012-05-17 20:33 - 2012-05-17 20:33 - 00000335 ____A C:\Windows\nsreg.dat
    2012-05-17 02:32 - 2012-05-17 02:32 - 00001276 ____A C:\Users\Mike\Desktop\Graboid Video.lnk
    2012-05-17 02:32 - 2012-05-17 02:32 - 00001276 ____A C:\Users\Guest\Desktop\Graboid Video.lnk
    2012-05-15 02:48 - 2012-07-12 06:24 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2012-07-12 06:24 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-07-12 06:18 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-05-15 02:48 - 2012-07-12 06:18 - 00028992 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
    2012-05-15 02:48 - 2012-07-12 06:18 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 01:29 - 2012-07-12 06:25 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2012-07-12 06:25 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-05-15 01:29 - 2012-07-12 06:25 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-05-15 01:29 - 2012-07-12 06:25 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2012-07-12 06:25 - 00858944 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
    2012-05-15 01:29 - 2012-07-12 06:25 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2012-07-12 06:25 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:29 - 2012-07-12 06:25 - 00055616 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
    2012-05-15 01:28 - 2012-07-12 06:25 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-14 21:04 - 2012-05-14 21:04 - 00001317 ____A C:\Users\Mike\Desktop\Yinyuetai Downloader.lnk
    2012-05-14 21:04 - 2012-05-14 21:04 - 00001317 ____A C:\Users\Guest\Desktop\Yinyuetai Downloader.lnk
    2012-05-14 21:04 - 2012-05-14 21:04 - 00001245 ____A C:\Users\Mike\Desktop\Video Downloader.lnk
    2012-05-14 21:04 - 2012-05-14 21:04 - 00001245 ____A C:\Users\Guest\Desktop\Video Downloader.lnk
    2012-05-14 05:11 - 2012-05-14 05:11 - 00001975 ____A C:\Users\Mike\Desktop\GamezAion Launcher.lnk
    2012-05-14 05:11 - 2012-05-14 05:11 - 00001975 ____A C:\Users\Guest\Desktop\GamezAion Launcher.lnk
    2012-05-12 21:34 - 2011-12-13 18:48 - 00125968 ____A C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-12 08:49 - 2012-05-10 03:07 - 00000040 ___SH C:\Users\All Users\.zreglib
    2012-05-10 22:46 - 2012-05-10 22:46 - 00644400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
    2012-05-10 02:55 - 2012-05-10 02:55 - 00000000 ____A C:\Windows\SysWOW64\shoF70B.tmp
    2012-05-10 02:09 - 2011-12-06 02:53 - 00020242 ____A C:\Users\Ryuu\Documents\Uninstall Dragon Age 2.log
    2012-05-09 09:55 - 2012-05-09 09:51 - 00164626 ____A C:\Windows\hpoins27.dat
    2012-05-09 09:55 - 2012-05-09 09:51 - 00000812 ____A C:\Users\All Users\hpzinstall.log
    2012-05-09 09:55 - 2009-07-13 18:34 - 00000545 ____A C:\Windows\win.ini
    2012-05-09 00:06 - 2012-05-09 00:06 - 00000020 ____A C:\Windows\Øôà
    2012-05-06 23:45 - 2012-05-06 23:45 - 00000000 ____A C:\Windows\SysWOW64\shoA1CC.tmp
    2012-05-04 23:03 - 2012-05-04 23:03 - 00000000 ____A C:\Windows\SysWOW64\sho25DC.tmp
    2012-05-04 03:06 - 2012-06-14 00:57 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-07-07 05:02 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-14 00:57 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-14 00:57 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-07-07 05:02 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-05-03 23:04 - 2012-05-03 23:04 - 00421888 ____A (Gabest) C:\Windows\SysWOW64\RealMediaSplitter.ax
    2012-05-03 23:04 - 2012-05-03 23:04 - 00278528 ____A (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
    2012-05-03 23:04 - 2012-05-03 23:04 - 00181736 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll

    ZeroAccess:
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\@
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L\00000004.@
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L\201d3dde
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@

    ZeroAccess:
    C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}
    C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\@
    C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L
    C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U
    C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L\00000004.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 11%
    Total physical RAM: 8043.86 MB
    Available physical RAM: 7080.58 MB
    Total Pagefile: 8042.06 MB
    Available Pagefile: 7079.43 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (Acer) (Fixed) (Total:223.45 GB) (Free:59.11 GB) NTFS
    2 Drive e: (DATA) (Fixed) (Total:224.21 GB) (Free:43.26 GB) NTFS
    3 Drive f: (PQSERVICE) (Fixed) (Total:18 GB) (Free:7.72 GB) NTFS
    5 Drive h: () (Removable) (Total:3.73 GB) (Free:1.1 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 3819 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 18 GB 1024 KB
    Partition 2 Primary 100 MB 18 GB
    Partition 3 Primary 223 GB 18 GB
    Partition 4 Primary 224 GB 241 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F PQSERVICE NTFS Partition 18 GB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Acer NTFS Partition 223 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E DATA NTFS Partition 224 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Removable 3818 MB Healthy

    ==================================================================================

    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


    ==========================================================

    Last Boot: 2012-07-17 09:54

    ======================= End Of Log ==========================
  10. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    Search.txt

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-30 00:05:56
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
  11. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  12. shadowmen124

    Fix Log

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-30 10:59:04 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    aalobgfe service deleted successfully.
    C:\Windows\System32\services.exe.C93AB17FCC9803A1 moved successfully.
    C:\Windows\System32\Drivers\vpfwysoc.sys not found.
    C:\Windows\System32\services.exe.708E78416D21F6C8 moved successfully.
    C:\Windows\System32\services.exe.7CF3CBC5CBD25884 moved successfully.
    C:\Windows\System32\services.exe.B70D5861D85AD664 moved successfully.
    C:\Windows\System32\services.exe.705B55BB93B186F1 moved successfully.
    C:\Windows\System32\services.exe.B25ED5FF07112164 moved successfully.
    C:\Windows\System32\services.exe.ABD0E22A81008886 moved successfully.
    C:\Windows\System32\services.exe.04DD8A8E342C08BB moved successfully.
    C:\Windows\System32\services.exe.66F487C048984A95 moved successfully.
    C:\Windows\System32\services.exe.869D5BCC9E8E983A moved successfully.
    C:\Windows\System32\services.exe.38BB1D571143E4D0 moved successfully.
    C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641} moved successfully.
    C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    The operation completed successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  13. shadowmen124

    ComboFix Log

    ComboFix 12-07-29.02 - Ryuu 30/07/2012 11:12:09.1.8 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8044.6918 [GMT 8:00]
    Running from: c:\users\Ryuu\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\2
    c:\program files (x86)\2\0\1.cmd
    c:\program files\Web Assistant\ExTEnsion32.dll
    c:\programdata\1323230167.bdinstall.bin
    c:\programdata\1323233335.bdinstall.bin
    c:\programdata\Amazon.ico
    c:\programdata\MercadoLivre.ico
    c:\users\Ryuu\AppData\Local\Minibar
    c:\users\Ryuu\AppData\Local\Minibar\common.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome.manifest
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\content.xul
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\main.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\config.json
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
    c:\users\Ryuu\AppData\Local\Minibar\firefox\install.rdf
    c:\users\Ryuu\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll
    c:\users\Ryuu\AppData\Local\Minibar\firefox_installer.js
    c:\users\Ryuu\AppData\Local\Minibar\ie_installer.js
    c:\users\Ryuu\AppData\Local\Minibar\minibar.xpi
    c:\users\Ryuu\AppData\Local\Minibar\Uninstall.exe
    c:\users\Ryuu\AppData\Local\TempDIR
    c:\users\Ryuu\hosts
    c:\users\Ryuu\RelicCOH.exe
    c:\users\Ryuu\SpecOpsTheLine.exe
    c:\users\Ryuu\steam_api.dll
    c:\users\Ryuu\Steamclient.dll
    c:\windows\jestertb.dll
    c:\windows\RazorDOX
    c:\windows\RazorDOX\RazorDOX.dll
    c:\windows\RazorDOX\RazorDOX.ini
    c:\windows\SysWow64\DEBUG.log
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\themeui.dll.tmp
    c:\windows\SysWow64\uxtheme.dll.tmp
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    -------\Service_RelevantKnowledge
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 03:21 . 2012-07-30 03:21 -------- d-----w- c:\users\Mike\AppData\Local\temp
    2012-07-30 03:21 . 2012-07-30 03:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-07-30 03:21 . 2012-07-30 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-30 02:49 . 2012-07-30 02:49 328704 ----a-w- c:\windows\system32\services.exe.4D866F236C783CD8
    2012-07-29 06:01 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-29 04:36 . 2012-07-29 04:36 -------- d-----w- C:\FRST
    2012-07-28 09:52 . 2012-07-28 09:52 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Malwarebytes
    2012-07-28 09:52 . 2012-07-28 09:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-28 09:52 . 2012-07-29 06:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 09:34 . 2012-07-29 04:07 -------- d-----w- C:\d51ee645f6d2af991e9c9d0cf0e4
    2012-07-28 09:20 . 2012-07-29 04:07 -------- d-----w- C:\4e4dd3ab32a9b8fe7501dbe8dbd4f4
    2012-07-28 08:46 . 2012-07-28 08:46 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Systweak
    2012-07-28 08:45 . 2012-07-29 04:07 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
    2012-07-28 07:53 . 2012-07-15 18:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C546CAE4-2870-4851-ABC7-F808A738AFDD}\mpengine.dll
    2012-07-28 07:51 . 2012-07-28 07:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-28 07:51 . 2012-07-28 07:51 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-27 05:10 . 2012-07-27 05:10 0 ----a-w- c:\windows\SysWow64\shoC467.tmp
    2012-07-25 15:28 . 2012-07-25 15:28 0 ----a-w- c:\windows\SysWow64\shoCA95.tmp
    2012-07-24 14:39 . 2012-07-24 14:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-24 14:39 . 2012-07-24 14:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-24 05:26 . 2012-07-24 05:26 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-24 05:26 . 2012-07-24 05:26 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-24 05:25 . 2012-07-05 14:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-23 09:16 . 2012-07-23 09:16 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
    2012-07-23 08:22 . 2012-07-23 08:22 -------- d-----w- c:\users\Ryuu\AppData\Roaming\FALCOM
    2012-07-23 07:53 . 2012-07-23 07:53 -------- d-----w- c:\programdata\RELOADED
    2012-07-23 07:50 . 2012-07-23 07:53 -------- d-----w- c:\program files (x86)\Ys Origin
    2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Mike\AppData\Local\Activision
    2012-07-21 09:21 . 2012-07-21 09:21 -------- d-----w- c:\users\Ryuu\AppData\Local\Activision
    2012-07-21 07:11 . 2012-07-21 07:11 -------- d-----w- c:\program files (x86)\Activision
    2012-07-20 12:03 . 2012-07-20 12:03 -------- d-----w- c:\users\Mike\AppData\Local\Wondershare
    2012-07-20 09:55 . 2012-07-20 09:55 -------- d-----w- c:\program files (x86)\OApps
    2012-07-20 09:55 . 2012-07-20 09:55 -------- d-----w- c:\program files (x86)\TorrentSearch
    2012-07-20 09:55 . 2012-07-29 04:22 -------- d-----w- c:\program files (x86)\smartdl
    2012-07-20 09:43 . 2012-07-20 09:43 -------- d-----w- c:\program files (x86)\Alcohol Soft
    2012-07-20 09:37 . 2012-07-20 09:37 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-07-20 07:59 . 2009-07-13 19:25 -------- d-----w- c:\users\Ryuu\validators
    2012-07-20 07:04 . 2012-07-20 07:04 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
    2012-07-19 11:37 . 2012-07-19 11:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-18 09:50 . 2012-07-18 09:50 -------- d-sh--w- c:\windows\ftpcache
    2012-07-18 09:47 . 2012-07-18 09:47 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Spec Ops The Line
    2012-07-18 09:19 . 2012-07-18 09:19 -------- d-----w- c:\program files (x86)\R.G. Mechanics
    2012-07-16 13:27 . 2012-07-16 13:27 0 ----a-w- c:\windows\SysWow64\sho29FA.tmp
    2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Wondershare Video Converter Ultimate
    2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\users\Ryuu\AppData\Local\Wondershare
    2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
    2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
    2012-07-14 13:11 . 2012-07-14 16:47 -------- d-----w- c:\users\Mike\AppData\Roaming\NVIDIA
    2012-07-14 05:27 . 2012-07-15 08:35 -------- d-----w- c:\program files (x86)\JoWooD Entertainment AG
    2012-07-13 15:42 . 2012-07-13 15:42 -------- d--h--r- c:\users\Ryuu\AppData\Roaming\SecuROM
    2012-07-13 11:16 . 2012-07-13 11:16 0 ----a-w- c:\windows\SysWow64\sho933A.tmp
    2012-07-13 10:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-13 10:40 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-07-13 10:40 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-07-13 10:35 . 2012-07-13 11:18 -------- d-----w- c:\windows\SysWow64\NV
    2012-07-13 10:35 . 2012-07-13 11:18 -------- d-----w- c:\windows\system32\NV
    2012-07-12 14:25 . 2012-07-13 10:35 -------- d-----w- c:\programdata\NVIDIA
    2012-07-12 14:25 . 2012-07-29 04:22 -------- d-----w- c:\users\UpdatusUser
    2012-07-12 14:25 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-07-12 14:25 . 2012-05-15 09:29 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
    2012-07-12 14:25 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-07-12 14:25 . 2012-05-15 09:29 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
    2012-07-12 14:25 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-07-12 14:25 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-07-12 14:25 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-07-12 14:25 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-07-12 14:25 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-07-12 14:24 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-07-12 14:24 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-07-12 14:24 . 2012-07-12 14:24 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-07-11 06:55 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 06:55 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 06:55 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 06:55 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 06:55 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-11 06:55 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-11 06:55 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-07-07 13:34 . 2010-04-03 03:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$DRAGONICA-sqlctr10.51.2500.0.dll
    2012-07-07 13:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-07 13:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-07 12:47 . 2012-07-07 12:47 -------- d-----w- c:\program files (x86)\THQ
    2012-07-06 16:38 . 2012-07-06 16:38 -------- d-----w- c:\users\Mike\AppData\Local\Diagnostics
    2012-07-04 09:12 . 2012-07-04 09:12 0 ----a-w- c:\windows\SysWow64\sho456C.tmp
    2012-06-30 12:04 . 2012-06-30 12:04 0 ----a-w- c:\windows\SysWow64\sho7BBD.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-13 10:41 . 2011-12-05 17:54 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-12 11:00 . 2012-04-19 12:00 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-08 06:09 . 2012-06-29 06:37 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-08 06:09 . 2011-12-06 10:25 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-05 14:06 . 2011-11-09 06:37 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-03 11:30 . 2011-12-06 10:25 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-29 05:54 . 2011-12-06 10:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-06-27 09:03 . 2012-06-27 09:03 0 ----a-w- c:\windows\SysWow64\shoC66B.tmp
    2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
    2012-06-21 08:29 . 2012-06-21 08:29 0 ----a-w- c:\windows\SysWow64\sho5254.tmp
    2012-06-20 14:00 . 2012-06-20 14:00 0 ----a-w- c:\windows\SysWow64\sho6748.tmp
    2012-06-20 02:11 . 2012-06-20 02:12 268720 ----a-w- c:\windows\system32\javaws.exe
    2012-06-20 02:11 . 2012-06-20 02:12 189360 ----a-w- c:\windows\system32\javaw.exe
    2012-06-20 02:11 . 2012-06-20 02:12 188840 ----a-w- c:\windows\system32\java.exe
    2012-06-20 02:11 . 2012-06-20 02:12 839096 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-20 02:11 . 2012-06-20 02:12 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-16 03:25 . 2012-06-16 03:25 0 ----a-w- c:\windows\SysWow64\sho5BF6.tmp
    2012-06-16 01:04 . 2012-06-16 01:04 0 ----a-w- c:\windows\SysWow64\sho40F7.tmp
    2012-06-12 18:22 . 2012-06-12 18:22 0 ----a-w- c:\windows\SysWow64\sho4E24.tmp
    2012-06-11 18:52 . 2012-06-11 18:52 0 ----a-w- c:\windows\SysWow64\sho21D3.tmp
    2012-06-07 08:53 . 2012-06-07 08:53 0 ----a-w- c:\windows\SysWow64\shoB6C2.tmp
    2012-06-05 19:24 . 2012-06-05 19:24 0 ----a-w- c:\windows\SysWow64\sho9A96.tmp
    2012-06-02 22:19 . 2012-06-19 02:53 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 02:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 02:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 02:53 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 02:53 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 02:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 02:53 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 07:29 . 2012-06-02 07:29 0 ----a-w- c:\windows\SysWow64\shoA952.tmp
    2012-06-02 07:19 . 2012-06-19 02:53 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 07:15 . 2012-06-19 02:53 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-30 18:16 . 2012-05-30 18:16 0 ----a-w- c:\windows\SysWow64\shoEDD8.tmp
    2012-05-27 18:48 . 2012-05-27 18:48 0 ----a-w- c:\windows\SysWow64\shoE7B0.tmp
    2012-05-26 12:54 . 2012-05-26 12:54 0 ----a-w- c:\windows\SysWow64\sho7087.tmp
    2012-05-25 19:23 . 2012-05-25 19:23 0 ----a-w- c:\windows\SysWow64\shoA67C.tmp
    2012-05-20 07:06 . 2012-05-20 07:06 0 ----a-w- c:\windows\SysWow64\sho3109.tmp
    2012-05-20 06:15 . 2012-05-20 06:15 661600 ----a-w- c:\windows\SysWow64\xsherlock.xem
    2012-05-11 06:46 . 2012-05-11 06:46 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx
    2012-05-10 10:55 . 2012-05-10 10:55 0 ----a-w- c:\windows\SysWow64\shoF70B.tmp
    2012-05-07 07:45 . 2012-05-07 07:45 0 ----a-w- c:\windows\SysWow64\shoA1CC.tmp
    2012-05-05 07:03 . 2012-05-05 07:03 0 ----a-w- c:\windows\SysWow64\sho25DC.tmp
    2012-05-04 11:06 . 2012-06-14 08:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 08:57 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 08:57 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-04 07:04 . 2012-05-04 07:04 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
    2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
    2012-05-01 05:40 . 2012-06-14 08:57 209920 ----a-w- c:\windows\system32\profsvc.dll
    2010-01-26 03:11 . 2012-06-20 15:40 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files (x86)\FreeMake\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0931BD3F-547E-45C1-B133-D0E995645DBA}]
    2012-07-13 17:44 92160 ----a-w- c:\program files (x86)\OApps\bho_project.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{adca5064-9e30-43fe-9856-58b07a3149fe}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\FreeMake\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2012-04-24 06:24 1310000 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6B896ADB-4A82-46e2-858C-13134782CE34}"= "c:\program files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll" [2009-12-15 413696]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
    "{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files (x86)\FreeMake\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{6b896adb-4a82-46e2-858c-13134782ce34}]
    [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{D4FB30ED-7DDB-4e2c-A7F2-C7B905D5D771}]
    [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-01 3417496]
    .
    c:\users\Ryuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Facebook Messenger.lnk - c:\users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-20 834544]
    R1 wxutdbmc;wxutdbmc;c:\windows\system32\drivers\wxutdbmc.sys [x]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
    R2 MSSQL$DRAGONICA;SQL Server (DRAGONICA);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]
    R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
    R3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
    R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]
    R3 dump_wmimmc;dump_wmimmc; [x]
    R3 EagleX64;EagleX64; [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_amd64.sys [2011-08-01 513824]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1255736]
    R3 wolf;wolf; [x]
    R3 X6va005;X6va005; [x]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 250056]
    R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
    R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
    R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
    R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
    R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
    R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
    R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
    R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R4 SQLAgent$DRAGONICA;SQL Server Agent (DRAGONICA);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
    R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-12-03 265928]
    R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-01 272448]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-01-21 67624]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-01-21 19496]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [2011-05-16 51240]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 14:39]
    .
    2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
    - c:\users\Ryuu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-23 10:46]
    .
    2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
    - c:\users\Ryuu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-23 10:46]
    .
    2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005Core.job
    - c:\users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 12:52]
    .
    2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005UA.job
    - c:\users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 12:52]
    .
    2012-07-29 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-11-22 07:24]
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
    - c:\users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 10:41]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
    - c:\users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 10:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
    2012-05-24 07:23 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF22011.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "combofix"="c:\combofix\CF22011.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=0a9026c700000000000002004c4f4f50
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={BF131707-A10F-11E1-9CB4-B870F4AA8650}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = proxy.trueinternet.co.th:8080
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
    IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=British English&ver=1.0
    IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Download with Xilisoft Online Video Downloader - c:\program files (x86)\Xilisoft\Online Video Downloader\upod_link.HTM
    IE: Download with Xilisoft YouTube Video Converter - c:\program files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
    LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
    TCP: DhcpNameServer = 192.168.1.254
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
    DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
    FF - ProfilePath - c:\users\Ryuu\AppData\Roaming\Mozilla\Firefox\Profiles\8ztbwxdo.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - about:home
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extentions.y2layers.installId - 17eb04dd-eb6e-43d4-b51e-557eefece8b2
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.BabylonToolbar_i.hardId - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15489
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:27
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQAB82eZf&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.incredibar_i.instlDay - 15507
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.148:34
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQAB82eZf
    FF - user.js: extensions.incredibar_i.upn2n - 92543067446074589
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 36
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{ADCA5064-9E30-43FE-9856-58B07A3149FE} - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
    "ImagePath"="c:\windows\system32\xsherlock.xem"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?áÍ"=hex:1b,9b,39,f0,14,f1,ff,ff,fa,4f,cf,e4,60,03,0a,d7,ae,03,45,85,4b,fd,55,
    e9,82,03,7a,92,e3,c3,a8,0e,ec,b0,a8,c2,22,d4,df,0d,41,45,94,3a,a2,31,c7,28,\
    "·³²»"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):a9,69,f1,57,a1,be,2b,db,20,3c,1a,3b,ff,4e,f5,81,cd,ac,e7,b3,de,
    99,7a,b4,dd,8d,bf,72,6e,01,ba,d0,91,65,bb,00,21,ba,bb,12,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):80,39,9c,5c,b0,39,0d,c8,eb,5c,b0,92,7e,ad,fc,fa,31,b1,25,c7,c9,
    8b,82,3a,b9,8e,62,13,c4,f8,d5,40,4e,5e,00,05,20,ef,eb,f8,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{dfdd4cb2-21b3-4558-94e5-942b7730ddd3}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000153
    "Therad"=dword:0000001d
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{ee3e00c3-d68e-4e3c-bb70-97d257f91d6d}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000028
    "Therad"=dword:00000015
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-30 11:31:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 03:31
    .
    Pre-Run: 62,927,572,992 bytes free
    Post-Run: 62,688,063,488 bytes free
    .
    - - End Of File - - F36F00D7193B3BB5731689CCC6B0FA3A
  14. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Uninstall Advanced System Optimizer 3.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =============================================

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.4D866F236C783CD8
    c:\windows\system32\drivers\wxutdbmc.sys
    
    DDS::
    uInternet Settings,ProxyServer = proxy.trueinternet.co.th:8080
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    
    Driver::
    wxutdbmc
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
  15. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    Combofix.txt

    ComboFix 12-07-29.02 - Ryuu 30/07/2012 14:20:55.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8044.6027 [GMT 8:00]
    Running from: c:\users\Ryuu\Desktop\ComboFix.exe
    Command switches used :: c:\users\Ryuu\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\wxutdbmc.sys"
    "c:\windows\system32\services.exe.4D866F236C783CD8"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\services.exe.4D866F236C783CD8
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_wxutdbmc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 06:28 . 2012-07-30 06:28 -------- d-----w- c:\users\Mike\AppData\Local\temp
    2012-07-30 06:28 . 2012-07-30 06:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-07-30 06:28 . 2012-07-30 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-29 06:01 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-29 04:36 . 2012-07-29 04:36 -------- d-----w- C:\FRST
    2012-07-28 09:52 . 2012-07-28 09:52 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Malwarebytes
    2012-07-28 09:52 . 2012-07-28 09:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-28 09:52 . 2012-07-29 06:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 09:34 . 2012-07-29 04:07 -------- d-----w- C:\d51ee645f6d2af991e9c9d0cf0e4
    2012-07-28 09:20 . 2012-07-29 04:07 -------- d-----w- C:\4e4dd3ab32a9b8fe7501dbe8dbd4f4
    2012-07-28 08:46 . 2012-07-28 08:46 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Systweak
    2012-07-28 07:53 . 2012-07-15 18:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C546CAE4-2870-4851-ABC7-F808A738AFDD}\mpengine.dll
    2012-07-28 07:51 . 2012-07-28 07:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-28 07:51 . 2012-07-28 07:51 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-27 05:10 . 2012-07-27 05:10 0 ----a-w- c:\windows\SysWow64\shoC467.tmp
    2012-07-25 15:28 . 2012-07-25 15:28 0 ----a-w- c:\windows\SysWow64\shoCA95.tmp
    2012-07-24 14:39 . 2012-07-24 14:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-24 14:39 . 2012-07-24 14:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-24 05:26 . 2012-07-24 05:26 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-24 05:26 . 2012-07-24 05:26 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-24 05:25 . 2012-07-05 14:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-23 09:16 . 2012-07-23 09:16 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
    2012-07-23 08:22 . 2012-07-23 08:22 -------- d-----w- c:\users\Ryuu\AppData\Roaming\FALCOM
    2012-07-23 07:53 . 2012-07-23 07:53 -------- d-----w- c:\programdata\RELOADED
    2012-07-23 07:50 . 2012-07-23 07:53 -------- d-----w- c:\program files (x86)\Ys Origin
    2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Mike\AppData\Local\Activision
    2012-07-21 09:21 . 2012-07-21 09:21 -------- d-----w- c:\users\Ryuu\AppData\Local\Activision
    2012-07-21 07:11 . 2012-07-21 07:11 -------- d-----w- c:\program files (x86)\Activision
    2012-07-20 12:03 . 2012-07-20 12:03 -------- d-----w- c:\users\Mike\AppData\Local\Wondershare
    2012-07-20 09:55 . 2012-07-20 09:55 -------- d-----w- c:\program files (x86)\OApps
    2012-07-20 09:55 . 2012-07-20 09:55 -------- d-----w- c:\program files (x86)\TorrentSearch
    2012-07-20 09:55 . 2012-07-29 04:22 -------- d-----w- c:\program files (x86)\smartdl
    2012-07-20 09:43 . 2012-07-20 09:43 -------- d-----w- c:\program files (x86)\Alcohol Soft
    2012-07-20 09:37 . 2012-07-20 09:37 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-07-20 07:59 . 2009-07-13 19:25 -------- d-----w- c:\users\Ryuu\validators
    2012-07-20 07:04 . 2012-07-20 07:04 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
    2012-07-19 11:37 . 2012-07-19 11:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-18 09:50 . 2012-07-18 09:50 -------- d-sh--w- c:\windows\ftpcache
    2012-07-18 09:47 . 2012-07-18 09:47 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Spec Ops The Line
    2012-07-18 09:19 . 2012-07-18 09:19 -------- d-----w- c:\program files (x86)\R.G. Mechanics
    2012-07-16 13:27 . 2012-07-16 13:27 0 ----a-w- c:\windows\SysWow64\sho29FA.tmp
    2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Wondershare Video Converter Ultimate
    2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\users\Ryuu\AppData\Local\Wondershare
    2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
    2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
    2012-07-14 13:11 . 2012-07-14 16:47 -------- d-----w- c:\users\Mike\AppData\Roaming\NVIDIA
    2012-07-14 05:27 . 2012-07-15 08:35 -------- d-----w- c:\program files (x86)\JoWooD Entertainment AG
    2012-07-13 15:42 . 2012-07-13 15:42 -------- d--h--r- c:\users\Ryuu\AppData\Roaming\SecuROM
    2012-07-13 11:16 . 2012-07-13 11:16 0 ----a-w- c:\windows\SysWow64\sho933A.tmp
    2012-07-13 10:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-13 10:40 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-07-13 10:40 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-07-13 10:35 . 2012-07-13 11:18 -------- d-----w- c:\windows\SysWow64\NV
    2012-07-13 10:35 . 2012-07-13 11:18 -------- d-----w- c:\windows\system32\NV
    2012-07-12 14:25 . 2012-07-13 10:35 -------- d-----w- c:\programdata\NVIDIA
    2012-07-12 14:25 . 2012-07-29 04:22 -------- d-----w- c:\users\UpdatusUser
    2012-07-12 14:25 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-07-12 14:25 . 2012-05-15 09:29 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
    2012-07-12 14:25 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-07-12 14:25 . 2012-05-15 09:29 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
    2012-07-12 14:25 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-07-12 14:25 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-07-12 14:25 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-07-12 14:25 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-07-12 14:25 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-07-12 14:24 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-07-12 14:24 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-07-12 14:24 . 2012-07-12 14:24 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-07-11 06:55 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 06:55 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 06:55 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 06:55 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 06:55 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-11 06:55 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-11 06:55 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-07-07 13:34 . 2010-04-03 03:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$DRAGONICA-sqlctr10.51.2500.0.dll
    2012-07-07 13:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-07 13:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-07 12:47 . 2012-07-07 12:47 -------- d-----w- c:\program files (x86)\THQ
    2012-07-06 16:38 . 2012-07-06 16:38 -------- d-----w- c:\users\Mike\AppData\Local\Diagnostics
    2012-07-04 09:12 . 2012-07-04 09:12 0 ----a-w- c:\windows\SysWow64\sho456C.tmp
    2012-06-30 12:04 . 2012-06-30 12:04 0 ----a-w- c:\windows\SysWow64\sho7BBD.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-13 10:41 . 2011-12-05 17:54 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-12 11:00 . 2012-04-19 12:00 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-08 06:09 . 2012-06-29 06:37 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-08 06:09 . 2011-12-06 10:25 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-05 14:06 . 2011-11-09 06:37 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-03 11:30 . 2011-12-06 10:25 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-29 05:54 . 2011-12-06 10:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-06-27 09:03 . 2012-06-27 09:03 0 ----a-w- c:\windows\SysWow64\shoC66B.tmp
    2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
    2012-06-21 08:29 . 2012-06-21 08:29 0 ----a-w- c:\windows\SysWow64\sho5254.tmp
    2012-06-20 14:00 . 2012-06-20 14:00 0 ----a-w- c:\windows\SysWow64\sho6748.tmp
    2012-06-20 02:11 . 2012-06-20 02:12 268720 ----a-w- c:\windows\system32\javaws.exe
    2012-06-20 02:11 . 2012-06-20 02:12 189360 ----a-w- c:\windows\system32\javaw.exe
    2012-06-20 02:11 . 2012-06-20 02:12 188840 ----a-w- c:\windows\system32\java.exe
    2012-06-20 02:11 . 2012-06-20 02:12 839096 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-20 02:11 . 2012-06-20 02:12 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-16 03:25 . 2012-06-16 03:25 0 ----a-w- c:\windows\SysWow64\sho5BF6.tmp
    2012-06-16 01:04 . 2012-06-16 01:04 0 ----a-w- c:\windows\SysWow64\sho40F7.tmp
    2012-06-12 18:22 . 2012-06-12 18:22 0 ----a-w- c:\windows\SysWow64\sho4E24.tmp
    2012-06-11 18:52 . 2012-06-11 18:52 0 ----a-w- c:\windows\SysWow64\sho21D3.tmp
    2012-06-07 08:53 . 2012-06-07 08:53 0 ----a-w- c:\windows\SysWow64\shoB6C2.tmp
    2012-06-05 19:24 . 2012-06-05 19:24 0 ----a-w- c:\windows\SysWow64\sho9A96.tmp
    2012-06-02 22:19 . 2012-06-19 02:53 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 02:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 02:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 02:53 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 02:53 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 02:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 02:53 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 07:29 . 2012-06-02 07:29 0 ----a-w- c:\windows\SysWow64\shoA952.tmp
    2012-06-02 07:19 . 2012-06-19 02:53 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 07:15 . 2012-06-19 02:53 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-30 18:16 . 2012-05-30 18:16 0 ----a-w- c:\windows\SysWow64\shoEDD8.tmp
    2012-05-27 18:48 . 2012-05-27 18:48 0 ----a-w- c:\windows\SysWow64\shoE7B0.tmp
    2012-05-26 12:54 . 2012-05-26 12:54 0 ----a-w- c:\windows\SysWow64\sho7087.tmp
    2012-05-25 19:23 . 2012-05-25 19:23 0 ----a-w- c:\windows\SysWow64\shoA67C.tmp
    2012-05-20 07:06 . 2012-05-20 07:06 0 ----a-w- c:\windows\SysWow64\sho3109.tmp
    2012-05-20 06:15 . 2012-05-20 06:15 661600 ----a-w- c:\windows\SysWow64\xsherlock.xem
    2012-05-11 06:46 . 2012-05-11 06:46 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx
    2012-05-10 10:55 . 2012-05-10 10:55 0 ----a-w- c:\windows\SysWow64\shoF70B.tmp
    2012-05-07 07:45 . 2012-05-07 07:45 0 ----a-w- c:\windows\SysWow64\shoA1CC.tmp
    2012-05-05 07:03 . 2012-05-05 07:03 0 ----a-w- c:\windows\SysWow64\sho25DC.tmp
    2012-05-04 11:06 . 2012-06-14 08:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 08:57 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 08:57 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-04 07:04 . 2012-05-04 07:04 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
    2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
    2010-01-26 03:11 . 2012-06-20 15:40 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-30_03.24.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-07-30 03:52 93168 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-30 06:32 38416 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-11-08 08:54 . 2012-07-30 06:32 21222 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3545194168-222157450-2924182206-1001_UserData.bin
    - 2012-07-30 03:23 . 2012-07-30 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-30 06:30 . 2012-07-30 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-30 06:30 . 2012-07-30 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-30 03:23 . 2012-07-30 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-07-30 05:23 733752 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-30 05:23 152108 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-07-30 06:29 422092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-28 09:10 422092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files (x86)\FreeMake\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0931BD3F-547E-45C1-B133-D0E995645DBA}]
    2012-07-13 17:44 92160 ----a-w- c:\program files (x86)\OApps\bho_project.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{adca5064-9e30-43fe-9856-58b07a3149fe}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\FreeMake\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2012-04-24 06:24 1310000 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6B896ADB-4A82-46e2-858C-13134782CE34}"= "c:\program files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll" [2009-12-15 413696]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
    "{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files (x86)\FreeMake\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{6b896adb-4a82-46e2-858c-13134782ce34}]
    [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{D4FB30ED-7DDB-4e2c-A7F2-C7B905D5D771}]
    [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-01 3417496]
    .
    c:\users\Ryuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Facebook Messenger.lnk - c:\users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]
    R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
    R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]
    R3 dump_wmimmc;dump_wmimmc; [x]
    R3 EagleX64;EagleX64; [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_amd64.sys [2011-08-01 513824]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1255736]
    R3 wolf;wolf; [x]
    R3 X6va005;X6va005; [x]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 250056]
    R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
    R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
    R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
    R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
    R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
    R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
    R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
    R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R4 SQLAgent$DRAGONICA;SQL Server Agent (DRAGONICA);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
    R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-12-03 265928]
    R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-20 834544]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-01 272448]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
    S2 MSSQL$DRAGONICA;SQL Server (DRAGONICA);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-01-21 67624]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-01-21 19496]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [2011-05-16 51240]
    S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 14:39]
    .
    2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
    - c:\users\Ryuu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-23 10:46]
    .
    2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
    - c:\users\Ryuu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-23 10:46]
    .
    2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005Core.job
    - c:\users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 12:52]
    .
    2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005UA.job
    - c:\users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 12:52]
    .
    2012-07-30 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-11-22 07:24]
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
    - c:\users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 10:41]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
    - c:\users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 10:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF26801.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=0a9026c700000000000002004c4f4f50
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={BF131707-A10F-11E1-9CB4-B870F4AA8650}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
    IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=British English&ver=1.0
    IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Download with Xilisoft Online Video Downloader - c:\program files (x86)\Xilisoft\Online Video Downloader\upod_link.HTM
    IE: Download with Xilisoft YouTube Video Converter - c:\program files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
    LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
    TCP: DhcpNameServer = 192.168.1.254
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
    DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
    FF - ProfilePath - c:\users\Ryuu\AppData\Roaming\Mozilla\Firefox\Profiles\8ztbwxdo.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - about:home
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extentions.y2layers.installId - 17eb04dd-eb6e-43d4-b51e-557eefece8b2
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.BabylonToolbar_i.hardId - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15489
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:27
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQAB82eZf&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 0a9026c700000000000002004c4f4f50
    FF - user.js: extensions.incredibar_i.instlDay - 15507
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.148:34
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQAB82eZf
    FF - user.js: extensions.incredibar_i.upn2n - 92543067446074589
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 36
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{ADCA5064-9E30-43FE-9856-58B07A3149FE} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
    "ImagePath"="c:\windows\system32\xsherlock.xem"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?áÍ"=hex:1b,9b,39,f0,14,f1,ff,ff,fa,4f,cf,e4,60,03,0a,d7,ae,03,45,85,4b,fd,55,
    e9,82,03,7a,92,e3,c3,a8,0e,ec,b0,a8,c2,22,d4,df,0d,41,45,94,3a,a2,31,c7,28,\
    "·³²»"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):a9,69,f1,57,a1,be,2b,db,20,3c,1a,3b,ff,4e,f5,81,cd,ac,e7,b3,de,
    99,7a,b4,dd,8d,bf,72,6e,01,ba,d0,91,65,bb,00,21,ba,bb,12,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):80,39,9c,5c,b0,39,0d,c8,eb,5c,b0,92,7e,ad,fc,fa,31,b1,25,c7,c9,
    8b,82,3a,b9,8e,62,13,c4,f8,d5,40,4e,5e,00,05,20,ef,eb,f8,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{dfdd4cb2-21b3-4558-94e5-942b7730ddd3}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000153
    "Therad"=dword:0000001d
    .
    [HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{ee3e00c3-d68e-4e3c-bb70-97d257f91d6d}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000028
    "Therad"=dword:00000015
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-30 14:38:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 06:38
    ComboFix2.txt 2012-07-30 03:31
    .
    Pre-Run: 61,358,522,368 bytes free
    Post-Run: 61,938,155,520 bytes free
    .
    - - End Of File - - B423B905E6D7909711BF4FE0CD2EE366
  16. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Looks good :)

    Any current issues?

    ======================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    Malware Byte

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ryuu :: RYUU-PC [administrator]

    31/7/2012 11:31:05 AM
    mbam-log-2012-07-31 (11-31-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 266931
    Time elapsed: 4 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  18. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    Hi, when using OTL to scan, it scans normally until it starts to scan the Firefox settings, then the program starts to not respond.. I have waited long already.. still not responding..
  19. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Run it from safe mode.
  20. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    I have tried in safe mode too.. doesn't work..
  21. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    What happens?
  22. shadowmen124

    shadowmen124 Newcomer, in training Topic Starter

    It just freezes there and nothing happens.. I did close my Firefox browser, and checked that Firefox isn't running in my task manager..
  23. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  24. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Still with me?
  25. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.