Inactive [A] Window has encountered a critical problem and will restart automatically in one minute

Status
Not open for further replies.

shadowmen124

Hi, I think it's a virus, because my Microsoft Security Essentials keeps on detecting the Sirefef virus, and whenever I remove it, it will still appear and will show the message "Window has encountered a critical problem and will restart automatically in one minute". I have done the Farbar Recovery Scan; I will attach the log file. And I have also done scanning using MalwareBytes; I will attach the log file too. I have tried a system restore point. It still doesn't work; it can only work when I go into safe mode on my laptop. And I have also attached my computer's specs log too. Hope to get your reply soon. Thanks!
 

Attachments

  • FRST.txt (70.6 KB)
  • mbam-log-2012-07-28 (18-04-33).txt (12 KB)
  • Computer Specs.txt (887 bytes)
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Please read forum rules: https://www.techspot.com/community/topics/read-this-or-you-might-not-get-help.182638/
 
Hi again, here is the log for Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Ryuu :: RYUU-PC [administrator]

29/7/2012 2:22:19 PM
mbam-log-2012-07-29 (14-22-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262159
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\Typelib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\I WANT THIS (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Users\Ryuu\AppData\Roaming\apntsb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Administrator\Desktop\GX_HP_AP_TRAINER_V1.2.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Ryuu\AppData\Roaming\SkyrimLauncher.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Ryuu\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

(end)

The GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-29 15:14:13
Windows 6.1.7601 Service Pack 1
Running: mst6egvp.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9f8c9ac
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x42 0x29 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1F 0x43 0x8A 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE3 0x76 0xDA 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xE6 0x16 0x15 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x06 0xB0 0x73 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x3F 0x2F 0x08 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x3F 0x2F 0x08 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xA8 0x4D 0xEB 0x8F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9f8c9ac (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x42 0x29 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1F 0x43 0x8A 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE3 0x76 0xDA 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xE6 0x16 0x15 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x06 0xB0 0x73 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x3F 0x2F 0x08 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x3F 0x2F 0x08 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xA8 0x4D 0xEB 0x8F ...

---- EOF - GMER 1.0.15 ----

The DDS.txt log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Ryuu at 15:21:03 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8044.6929 [GMT 8:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=0a9026c700000000000002004c4f4f50
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={BF131707-A10F-11E1-9CB4-B870F4AA8650}
uInternet Settings,ProxyServer = proxy.trueinternet.co.th:8080
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: UsProvider Class: {539f76fd-084e-4858-86d5-62f02f54ae86} - C:\Program Files (x86)\Minibar\Minibar.dll
uURLSearchHooks: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
mURLSearchHooks: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: VideoFileDownload: {0931bd3f-547e-45c1-b133-d0e995645dba} - C:\Program Files (x86)\OApps\bho_project.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - C:\Program Files (x86)\Minibar\Minibar.dll
BHO: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Show Xmlbar Toolbar: {6b896adb-4a82-46e2-858c-13134782ce34} - C:\Program Files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
TB: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Ryuu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=British English&ver=1.0
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Download with Xilisoft Online Video Downloader - C:\Program Files (x86)\Xilisoft\Online Video Downloader\upod_link.HTM
IE: Download with Xilisoft YouTube Video Converter - C:\Program Files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll
LSP: mswsock.dll
DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{85E57DC0-DA1F-48FF-A109-B0B9AAE0727E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{85E57DC0-DA1F-48FF-A109-B0B9AAE0727E}\25975757 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{85E57DC0-DA1F-48FF-A109-B0B9AAE0727E}\3594E4744554C4D233638373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F16D49FC-A893-4B5D-AA61-4E03F53C5BB1} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: VideoFileDownload: {0931BD3F-547E-45C1-B133-D0E995645DBA} - C:\Program Files (x86)\OApps\bho_project.dll
BHO-X64: BHO_PROJECT - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO-X64: Web Assistant Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll
BHO-X64: MinibarBHO - No File
BHO-X64: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
BHO-X64: FreeMake - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Show Xmlbar Toolbar: {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll
TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
TB-X64: FreeMake Toolbar: {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files (x86)\FreeMake\prxtbFree.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryuu\AppData\Roaming\Mozilla\Firefox\Profiles\8ztbwxdo.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll
FF - plugin: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Ryuu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ryuu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extentions.y2layers.installId - 17eb04dd-eb6e-43d4-b51e-557eefece8b2
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15489
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:27:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQAB82eZf&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.148:34:02
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQAB82eZf
FF - user.js: extensions.incredibar_i.upn2n - 92543067446074589
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 36
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\drivers\b57xdbd.sys --> C:\Windows\system32\drivers\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\drivers\b57xdmp.sys --> C:\Windows\system32\drivers\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\drivers\bScsiMSa.sys --> C:\Windows\system32\drivers\bScsiMSa.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S2 MSSQL$DRAGONICA;SQL Server (DRAGONICA);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\sqlservr.exe [2011-6-17 43040096]
S2 RelevantKnowledge;RelevantKnowledge; [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
S3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-6-26 23816]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SRS_AE_Service;SRS Audio Essentials;C:\Windows\system32\drivers\SRS_AE_amd64.sys --> C:\Windows\system32\drivers\SRS_AE_amd64.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-5-20 661600]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-24 250056]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-3-20 490840]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-21 353360]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-11-8 872552]
S4 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-18 29696]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-21 13592]
S4 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-21 244624]
S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-12 1262400]
S4 SQLAgent$DRAGONICA;SQL Server Agent (DRAGONICA);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 370016]
S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-8 2656280]
S4 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S4 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-6-16 185856]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-07-29 06:31:09 328704 ----a-w- C:\Windows\System32\services.exe.B25ED5FF07112164
2012-07-29 06:30:13 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C546CAE4-2870-4851-ABC7-F808A738AFDD}\offreg.dll
2012-07-29 06:16:20 328704 ----a-w- C:\Windows\System32\services.exe.ABD0E22A81008886
2012-07-29 06:10:41 328704 ----a-w- C:\Windows\System32\services.exe.04DD8A8E342C08BB
2012-07-29 06:01:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 05:54:03 328704 ----a-w- C:\Windows\System32\services.exe.66F487C048984A95
2012-07-29 04:36:07 -------- d-----w- C:\FRST
2012-07-28 23:29:47 328704 ----a-w- C:\Windows\System32\services.exe.869D5BCC9E8E983A
2012-07-28 12:28:58 328704 ----a-w- C:\Windows\System32\services.exe.38BB1D571143E4D0
2012-07-28 09:52:23 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\Malwarebytes
2012-07-28 09:52:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-28 09:52:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-28 09:34:39 -------- d-----w- C:\d51ee645f6d2af991e9c9d0cf0e4
2012-07-28 09:20:37 -------- d-----w- C:\4e4dd3ab32a9b8fe7501dbe8dbd4f4
2012-07-28 08:46:26 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\Systweak
2012-07-28 08:45:09 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
2012-07-28 07:53:33 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C546CAE4-2870-4851-ABC7-F808A738AFDD}\mpengine.dll
2012-07-28 07:51:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-28 07:51:41 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-27 05:10:12 0 ----a-w- C:\Windows\SysWow64\shoC467.tmp
2012-07-25 15:28:19 0 ----a-w- C:\Windows\SysWow64\shoCA95.tmp
2012-07-24 14:39:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 14:39:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-24 05:26:00 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-24 05:25:37 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-23 09:16:33 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.2
2012-07-23 08:22:36 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\FALCOM
2012-07-23 07:53:26 -------- d-----w- C:\ProgramData\RELOADED
2012-07-23 07:50:03 -------- d-----w- C:\Program Files (x86)\Ys Origin
2012-07-21 09:21:26 -------- d-----w- C:\Users\Ryuu\AppData\Local\Activision
2012-07-21 07:11:23 -------- d-----w- C:\Program Files (x86)\Activision
2012-07-20 09:55:10 -------- d-----w- C:\Program Files (x86)\OApps
2012-07-20 09:55:09 -------- d-----w- C:\Program Files (x86)\TorrentSearch
2012-07-20 09:55:02 -------- d-----w- C:\Program Files (x86)\smartdl
2012-07-20 09:43:00 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2012-07-20 09:37:48 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-07-20 07:59:11 9267008 ----a-w- C:\Users\Ryuu\RelicCOH.exe
2012-07-20 07:59:11 -------- d-----w- C:\Users\Ryuu\validators
2012-07-19 11:37:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-18 09:52:28 359424 ----a-w- C:\Users\Ryuu\Steamclient.dll
2012-07-18 09:52:28 18679808 ----a-w- C:\Users\Ryuu\SpecOpsTheLine.exe
2012-07-18 09:52:27 124296 ----a-w- C:\Users\Ryuu\steam_api.dll
2012-07-18 09:50:08 -------- d-sh--w- C:\Windows\ftpcache
2012-07-18 09:47:12 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\Spec Ops The Line
2012-07-18 09:19:09 -------- d-----w- C:\Program Files (x86)\R.G. Mechanics
2012-07-16 13:27:08 0 ----a-w- C:\Windows\SysWow64\sho29FA.tmp
2012-07-16 10:39:28 -------- d-----w- C:\Users\Ryuu\AppData\Roaming\Wondershare Video Converter Ultimate
2012-07-16 10:39:23 -------- d-----w- C:\Users\Ryuu\AppData\Local\Wondershare
2012-07-16 10:39:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-07-16 01:03:42 184891 ----a-w- C:\torrent.exe
2012-07-14 05:27:01 -------- d-----w- C:\Program Files (x86)\JoWooD Entertainment AG
2012-07-13 11:16:49 0 ----a-w- C:\Windows\SysWow64\sho933A.tmp
2012-07-13 10:47:12 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-13 10:35:24 -------- d-----w- C:\Windows\SysWow64\NV
2012-07-13 10:35:24 -------- d-----w- C:\Windows\System32\NV
2012-07-12 14:25:07 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-07-12 14:25:07 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-07-12 14:25:07 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-07-12 14:25:07 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-07-12 14:25:07 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-07-12 14:25:07 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-07-12 14:25:07 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-07-12 14:25:07 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-07-12 14:25:07 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-07-12 14:24:46 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-12 14:24:46 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-12 14:24:32 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-07-11 06:55:03 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 06:55:03 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 06:55:03 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 06:55:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 06:55:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 06:55:02 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-07 13:34:46 73568 ----a-w- C:\Windows\SysWow64\perf-MSSQL$DRAGONICA-sqlctr10.51.2500.0.dll
2012-07-07 13:02:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-07 13:02:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-07 12:47:54 -------- d-----w- C:\Program Files (x86)\THQ
2012-07-04 09:12:41 0 ----a-w- C:\Windows\SysWow64\sho456C.tmp
2012-06-30 12:04:28 0 ----a-w- C:\Windows\SysWow64\sho7BBD.tmp
.
==================== Find3M ====================
.
2012-07-12 11:00:02 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-08 06:09:46 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-08 06:09:46 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-05 14:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 11:30:23 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-29 05:54:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-27 09:03:32 0 ----a-w- C:\Windows\SysWow64\shoC66B.tmp
2012-06-21 08:37:14 3166792 ------w- C:\Windows\SysWow64\pbsvc.exe
2012-06-21 08:29:47 0 ----a-w- C:\Windows\SysWow64\sho5254.tmp
2012-06-20 14:00:30 0 ----a-w- C:\Windows\SysWow64\sho6748.tmp
2012-06-20 02:11:47 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-20 02:11:47 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-16 03:25:33 0 ----a-w- C:\Windows\SysWow64\sho5BF6.tmp
2012-06-16 01:04:45 0 ----a-w- C:\Windows\SysWow64\sho40F7.tmp
2012-06-12 18:22:41 0 ----a-w- C:\Windows\SysWow64\sho4E24.tmp
2012-06-11 18:52:46 0 ----a-w- C:\Windows\SysWow64\sho21D3.tmp
2012-06-10 16:21:59 21504 ----a-w- C:\Windows\jestertb.dll
2012-06-07 08:53:45 0 ----a-w- C:\Windows\SysWow64\shoB6C2.tmp
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-05 19:24:30 0 ----a-w- C:\Windows\SysWow64\sho9A96.tmp
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 07:29:40 0 ----a-w- C:\Windows\SysWow64\shoA952.tmp
2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 04:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-30 18:16:22 0 ----a-w- C:\Windows\SysWow64\shoEDD8.tmp
2012-05-27 18:48:47 0 ----a-w- C:\Windows\SysWow64\shoE7B0.tmp
2012-05-26 12:54:23 0 ----a-w- C:\Windows\SysWow64\sho7087.tmp
2012-05-25 19:23:04 0 ----a-w- C:\Windows\SysWow64\shoA67C.tmp
2012-05-20 07:06:23 0 ----a-w- C:\Windows\SysWow64\sho3109.tmp
2012-05-20 06:15:43 661600 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-05-11 06:46:06 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2012-05-10 10:55:15 0 ----a-w- C:\Windows\SysWow64\shoF70B.tmp
2012-05-07 07:45:13 0 ----a-w- C:\Windows\SysWow64\shoA1CC.tmp
2012-05-05 07:03:09 0 ----a-w- C:\Windows\SysWow64\sho25DC.tmp
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 07:04:04 421888 ----a-w- C:\Windows\SysWow64\RealMediaSplitter.ax
2012-05-04 07:04:00 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2010-01-26 03:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 15:21:48.87 ===============
 
The Attach Log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/11/2011 4:53:09 PM
System Uptime: 29/7/2012 2:32:27 PM (1 hours ago)
.
Motherboard: Acer | | JV51_HR
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 1995/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 59.07 GiB free.
D: is FIXED (NTFS) - 224 GiB total, 43.26 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
RP325: 27/7/2012 6:35:02 PM - Installed Microsoft Fix it 50267
RP327: 28/7/2012 3:54:31 PM - Microsoft Antimalware Checkpoint
RP329: 28/7/2012 8:12:23 PM - Microsoft Antimalware Checkpoint
RP331: 28/7/2012 8:26:12 PM - Microsoft Antimalware Checkpoint
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
µTorrent
1ClickDownloader
4Media FLV to MP4 Converter
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Action Replay Code Manager
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
Advanced SystemCare 5
Akamai NetSession Interface
ALTools Update
android converter
Any Flv Converter 2.7.0
AnyDVD
Apple Application Support
Assassin's Creed Brotherhood
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
Babylon toolbar on IE
BabylonObjectInstaller
Backup Manager V3
Bandisoft MPEG-1 Decoder
Bing Bar
BufferChm
Bus Driver 1.5
Bus Simulator
Bus Simulator 2008 Demo
Call of Duty: Black Ops
CamStudio OSS Desktop Recorder
Cheat Engine 6.1
Cheat Engine 6.2
clear.fi
clear.fi Client
Company of Heroes
Company of Heroes - FAKEMSI
Copy
D3DX10
DAEMON Tools Pro
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Divine Souls
DivX Setup
DJ_AIO_03_F2200_Software_Min
Dolby Advanced Audio v2
Download Accelerator Plus (DAP)
Dragon Nest SEA
DSL Speed V7.1
DVD43 Plug-in v1.0.0.5
eBay Worldwide
Efficient Calendar Free 3.0
Eligium
Express Burn Disc Burning Software
Express Rip
F2200
Facebook Messenger 2.1.4590.0
Facebook Video Calling 1.2.0.159
File Type Assistant
FilesFrog Update Checker
Final Media Player 2011
FLV Downloader(xmlbar)(remove only)
FLV Player
Forsaken World Halcyon
Free Video to MP3 Converter version 5.0.10.423
FreeMake Toolbar
Freemake Video Converter version 3.0.2
Game Booster 3
GAMEVIL
Garena Plus
Gears of War
GetFLV 9.0.6.3
Gmaniac Dragonica 1.01
Google Chrome
Google SketchUp Pro 8
GPBaseService2
Graboid Video 3.1
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Identity Card
Incredibar Toolbar on IE
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Internet Download Manager
InterVideo DeviceService
IPU RustyHearts
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 7.9.0 (Full)
Kingdoms of Amalur Reckoning
Launch Manager
Lavalon Dragonica
LG United Mobile Driver
LG USB WML Modem Driver
Lion Skin Pack 3.0
LogonStudio
Magic DVD Ripper V6.0.2
Malwarebytes Anti-Malware version 1.62.0.1300
MapleStory
MarketResearch
Mass Effect 3 N7 Collector's Edition DLC
Mass Effect™ 3
MegaTrainer eXperience V1.0.2.8
Mesh Runtime
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
MID Converter 4.2
MKV Player 2.0.1
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Tools for 5.0
Need for Speed™ The Run
newsXpresso
Nexon Game Manager
Norton Online Backup
NTI Media Maker 9
NVIDIA PhysX
Pando Media Booster
PC Wizard 2012.2.0
PhotoPad Image Editor
PhotoStage Slideshow Producer
Pixillion Image Converter
PlayDGN version 2.1.11
Prism Video File Converter
PunkBuster Services
Puzzle Pirates
QuickTime
Rainmeter
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Replay Media Catcher 4 (4.4.1)
RGF HotSpot version 0.6b
Righteous ROSE Online
ROCCAT Pyra Mouse Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Service Pack 1 for SQL Server 2008 R2 (KB2528583)
Shutdown Timer
Skype™ 5.3
SmartWebPrinting
SolutionCenter
Spec Ops The Line
SpeedBit Video Accelerator
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Database Engine Services
SQL Server 2008 R2 SP1 Database Engine Shared
SQL Server 2008 R2 SP1 Management Studio
Sql Server Customer Experience Improvement Program
SRose Online
Status
Steam
Stellar Phoenix Photo Recovery
SweetIM for Messenger 3.6
SweetPacks Toolbar for Internet Explorer 4.6
swMSM
Synthesia (remove only)
System Requirements Lab CYRI
Tipard MKV Video Converter
Tom Clancy's Ghost Recon Future Soldier
Toolbox
TrayApp
Ubisoft Game Launcher
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update Manager for SweetPacks 1.0
VC80CRTRedist - 8.0.50727.6195
VDownloader 3.9.1195
Veoh Giraffic Video Accelerator
Veoh Web Player
Video Download Button
Video Download Toolbar 2.6.0.0
VideoFileDownload
VideoPad Video Editor
Virtual Villagers - New Believers Just For Fun Games
Virtual Villagers 4 - The Tree of Life
VLC media player 1.0.1
vReveal
vReveal 3
WavePad Sound Editor
WebReg
WEBZEN Browser Extension
Welcome Center
WIDI Recognition System Pro 4.11 (remove only)
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
WolfTeam International
Wondershare DVD Ripper Platinum(Build 4.4.7.0)
Wondershare Video Converter Ultimate(Build 5.7.5.4)
Xham downloader
Xilisoft HD Video Converter 6
Xilisoft Online Video Downloader
Xilisoft Video Converter Standard
Xilisoft YouTube Video Converter
Xvid Video Codec
Yinyuetai Downloader(xmlbar)(remove only)
YourFileDownloader
Youtube Downloader HD v. 2.6
Youtube to MP3 Converter v. 1.4
Ys Origin version 1
 
==== Event Viewer Messages From Past Week ========
.
29/7/2012 7:33:18 AM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
29/7/2012 7:33:18 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: A dynamic link library (DLL) initialization routine failed.
29/7/2012 7:29:46 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.W&threatid=2147655287 Name: Trojan:Win64/Sirefef.W ID: 2147655287 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AA&threatid=2147658112 Name: Trojan:Win64/Sirefef.AA ID: 2147658112 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef&threatid=2147657437 Name: Trojan:Win64/Sirefef ID: 2147657437 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@;file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:35:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:34:23 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
29/7/2012 2:34:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
29/7/2012 2:34:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
29/7/2012 2:34:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/7/2012 2:34:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/7/2012 2:33:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
29/7/2012 2:33:20 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/7/2012 2:33:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
29/7/2012 2:32:33 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.W&threatid=2147655287 Name: Trojan:Win64/Sirefef.W ID: 2147655287 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AA&threatid=2147658112 Name: Trojan:Win64/Sirefef.AA ID: 2147658112 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef&threatid=2147657437 Name: Trojan:Win64/Sirefef ID: 2147657437 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@;file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:31:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.W&threatid=2147655287 Name: Trojan:Win64/Sirefef.W ID: 2147655287 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AA&threatid=2147658112 Name: Trojan:Win64/Sirefef.AA ID: 2147658112 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef&threatid=2147657437 Name: Trojan:Win64/Sirefef ID: 2147657437 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@;file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:22:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:22:39 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 2:19:34 PM, Error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error %%-2147418113.
29/7/2012 2:19:34 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The system cannot find the path specified.
29/7/2012 2:19:34 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The system cannot find the path specified.
29/7/2012 2:19:34 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The system cannot find the path specified.
29/7/2012 2:19:34 PM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The media is write protected.
29/7/2012 2:19:22 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
29/7/2012 2:18:54 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
29/7/2012 2:18:42 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
29/7/2012 2:15:13 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AA&threatid=2147658112 Name: Trojan:Win64/Sirefef.AA ID: 2147658112 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:15:13 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:15:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/7/2012 2:15:03 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.W&threatid=2147655287 Name: Trojan:Win64/Sirefef.W ID: 2147655287 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:15:03 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:15:03 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef&threatid=2147657437 Name: Trojan:Win64/Sirefef ID: 2147657437 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@;file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:15:03 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:12:57 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "3859F9570189" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
29/7/2012 2:10:26 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:10:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/7/2012 2:09:34 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/7/2012 1:57:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 1:57:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 1:53:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 1:53:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 1:49:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/7/2012 1:49:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
28/7/2012 8:45:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.P&threatid=2147654466 Name: Trojan:Win64/Sirefef.P ID: 2147654466 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_64\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
28/7/2012 8:45:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: file:_C:\Windows\assembly\GAC_32\Desktop.ini Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
28/7/2012 8:13:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
28/7/2012 7:55:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (DRAGONICA) service to connect.
28/7/2012 7:55:16 PM, Error: Service Control Manager [7000] - The SQL Server (DRAGONICA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/7/2012 7:44:26 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
28/7/2012 7:44:23 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
28/7/2012 5:40:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
28/7/2012 5:40:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
28/7/2012 5:40:30 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: A system shutdown is in progress.
28/7/2012 5:40:29 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: A system shutdown is in progress.
28/7/2012 5:40:29 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: A system shutdown is in progress.
28/7/2012 5:40:29 PM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: A system shutdown is in progress.
28/7/2012 5:40:29 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
28/7/2012 5:39:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
28/7/2012 5:08:41 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.131.853.0, AS: 1.131.853.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
28/7/2012 4:11:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.853.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
28/7/2012 3:54:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.853.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
28/7/2012 3:52:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
28/7/2012 3:51:47 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.131.132.0;1.131.132.0 Engine version: 1.1.8601.0
28/7/2012 3:24:22 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
28/7/2012 11:04:26 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
28/7/2012 11:03:59 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
28/7/2012 11:03:56 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
25/7/2012 4:40:55 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
24/7/2012 12:47:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
23/7/2012 10:04:31 PM, Error: Service Control Manager [7000] - The StarWind AE Service service failed to start due to the following error: The system cannot find the file specified.
22/7/2012 2:23:32 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22/7/2012 1:05:22 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 12.
.
==== End Of File ===========================
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
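The search for services.exe exists to spot what the FRST log posted later in this thread shows: several C:\Windows\System32\services.exe.<hex> files and registered drivers whose file is missing ([x]). As an added example (not the helper's code and not part of FRST), the Python script below scans constructed sample lines in the same FRST format and flags those two artefacts plus, as a labelled heuristic only, freshly created .sys files with an eight-letter lowercase name.

```python
"""Triage FRST-style log lines for the indicators a helper reviews first.

Added example (not FRST's or the forum helper's code). It reads two FRST
sections in the format shown in the thread, Drivers and One Month Created
Files and Folders, and flags: drivers whose file is missing ([x]), extra
copies of services.exe carrying a 16-hex-digit suffix, and newly created
.sys files whose name is eight lowercase letters (a heuristic, reported as
such, so a reviewer still has to look at the line).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the FRST output format pasted in the thread.
SAMPLE_LOG = r"""
========================== Drivers (Whitelisted) =============

3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2011-03-09] (NTI Corporation)
1 aalobgfe; \??\C:\Windows\system32\drivers\aalobgfe.sys [x]
4 bdselfpr; [x]
1 wxutdbmc; \??\C:\Windows\system32\drivers\wxutdbmc.sys [x]

============ One Month Created Files and Folders ==============

2012-07-29 08:00 - 2012-07-29 08:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C93AB17FCC9803A1
2012-07-29 08:00 - 2012-07-29 08:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpfwysoc.sys
2012-07-28 22:01 - 2012-07-02 21:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-28 20:36 - 2012-07-28 20:36 - 00000000 ____D C:\FRST
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<start type> <service name>; <path and details>"
DRIVER_RE = re.compile(r"^(\d) ([^;]+); (.*)$")
# "<created> - <modified> - <size> <attrs> [(company)] <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) (\S+) "
    r"(?:\((.*?)\) )?(.+)$"
)
SERVICES_COPY_RE = re.compile(r"\\services\.exe\.[0-9A-Fa-f]{16}$")
EIGHT_LOWER_RE = re.compile(r"^[a-z]{8}$")

DRIVER_MISSING = "driver_missing_file"
SERVICES_COPY = "services_exe_copy"
EIGHT_LETTER_SYS = "eight_letter_sys_heuristic"


@dataclass(frozen=True)
class Finding:
    tag: str       # one of the three constants above
    section: str   # FRST section the line came from
    line: str      # the original log line, kept for the reviewer


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current FRST section header."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section.startswith("Drivers"):
            m = DRIVER_RE.match(line)
            # FRST marks a registered driver whose binary is absent with [x].
            if m and m.group(3).endswith("[x]"):
                findings.append(Finding(DRIVER_MISSING, section, line))
        elif section.startswith("One Month Created"):
            m = CREATED_RE.match(line)
            if not m:
                continue
            path = m.group(6)
            if SERVICES_COPY_RE.search(path):
                findings.append(Finding(SERVICES_COPY, section, line))
            stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
            # Heuristic only: an eight-letter lowercase .sys created this month.
            if ext.lower() == "sys" and EIGHT_LOWER_RE.match(stem):
                findings.append(Finding(EIGHT_LETTER_SYS, section, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per tag, for a one-line overview of the log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.tag] = counts.get(f.tag, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.tag}] {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Feed it a real FRST.txt and the eight-letter heuristic will also hit legitimate drivers, which is why only the [x] status and the services.exe copies are reported as facts taken from the log itself.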
 
Okay, here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 00:03:29
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKU\Mike\...\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Mike\...\Run: [Facebook Update] "C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Mike\...\Run: [GarenaMessenger] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" [5649752 2012-03-05] ()
HKU\Mike\...\Policies\system: [LogonHoursAction] 2
HKU\Mike\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ryuu\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-18] (BitTorrent, Inc.)
HKU\Ryuu\...\Run: [Google Update] "C:\Users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-27] (Google Inc.)
HKU\Ryuu\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3417496 2011-07-31] (Tonec Inc.)
HKU\Ryuu\...\Policies\system: [LogonHoursAction] 2
HKU\Ryuu\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ryuu\...\Winlogon: [Shell] Explorer.exe
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\Ryuu\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) ======

3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
4 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-12] (Akamai Technologies, Inc)
4 Capture Device Service; "C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe" [198168 2007-03-05] (InterVideo Inc.)
4 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360 2011-06-30] (Dritek System Inc.)
4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-25] (Acer Incorporated)
4 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$DRAGONICA; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\sqlservr.exe" -sDRAGONICA [43040096 2011-06-17] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
4 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-28] ()
4 SQLAgent$DRAGONICA; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\SQLAGENT.EXE" -I DRAGONICA [370016 2011-06-17] (Microsoft Corporation)
4 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)
4 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [265928 2011-12-02] (SpeedBit Ltd.)
4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-23] ()

========================== Drivers (Whitelisted) =============

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-06] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-06] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-06] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-06] (LG Electronics Inc.)
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
3 appliand; C:\Windows\System32\Drivers\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
3 b57xdbd; C:\Windows\System32\Drivers\b57xdbd.sys [67624 2011-01-20] (Broadcom Corporation)
3 b57xdmp; C:\Windows\System32\Drivers\b57xdmp.sys [19496 2011-01-20] (Broadcom Corporation)
3 bScsiMSa; C:\Windows\System32\Drivers\bScsiMSa.sys [51240 2011-05-16] (Broadcom Corporation)
3 bScsiSDa; C:\Windows\System32\Drivers\bScsiSDa.sys [86056 2011-05-06] (Broadcom Corporation)
3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2011-11-30] (DT Soft Ltd)
2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [145008 2011-07-06] (Tonec Inc.)
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
4 MySQL; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.5\my.ini" MySQL [8919 2012-05-09] ()
2 npf; C:\Windows\System32\Drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2011-03-09] (NTI Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-20] (Duplex Secure Ltd.)
3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [513824 2011-07-31] ()
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2011-03-09] (NTI Corporation)
1 aalobgfe; \??\C:\Windows\system32\drivers\aalobgfe.sys [x]
4 bdselfpr; [x]
3 dump_wmimmc; [x]
3 EagleX64; [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
2 RelevantKnowledge; [x]
3 wolf; [x]
1 wxutdbmc; \??\C:\Windows\system32\drivers\wxutdbmc.sys [x]
3 X6va005; [x]
3 xsherlock; C:\Windows\system32\xsherlock.xem [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 08:00 - 2012-07-29 08:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C93AB17FCC9803A1
2012-07-29 08:00 - 2012-07-29 08:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpfwysoc.sys
2012-07-29 07:45 - 2012-07-29 07:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.708E78416D21F6C8
2012-07-29 00:53 - 2012-07-29 00:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7CF3CBC5CBD25884
2012-07-29 00:47 - 2012-07-29 00:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B70D5861D85AD664
2012-07-29 00:42 - 2012-07-29 00:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.705B55BB93B186F1
2012-07-28 22:31 - 2012-07-28 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B25ED5FF07112164
2012-07-28 22:29 - 2012-07-28 22:29 - 00002902 ____A C:\Windows\PFRO.log
2012-07-28 22:16 - 2012-07-28 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABD0E22A81008886
2012-07-28 22:10 - 2012-07-28 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04DD8A8E342C08BB
2012-07-28 22:01 - 2012-07-28 22:01 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-28 22:01 - 2012-07-02 21:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-28 21:54 - 2012-07-28 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66F487C048984A95
2012-07-28 20:36 - 2012-07-28 20:36 - 00000000 ____D C:\FRST
2012-07-28 15:29 - 2012-07-28 15:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.869D5BCC9E8E983A
2012-07-28 04:28 - 2012-07-28 04:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.38BB1D571143E4D0
2012-07-28 04:23 - 2012-07-29 07:58 - 00000728 ____A C:\Windows\setupact.log
2012-07-28 04:23 - 2012-07-28 04:23 - 00000000 ____A C:\Windows\setuperr.log
2012-07-28 01:52 - 2012-07-28 22:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-28 01:52 - 2012-07-28 01:52 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\Malwarebytes
2012-07-28 01:52 - 2012-07-28 01:52 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-28 01:34 - 2012-07-28 20:07 - 00000000 ____D C:\d51ee645f6d2af991e9c9d0cf0e4
2012-07-28 01:34 - 2012-07-28 01:34 - 00426163 ____A C:\Users\Ryuu\Downloads\Windows6.1-KB976586-x86_2.msu
2012-07-28 01:33 - 2012-07-28 01:33 - 00426163 ____A C:\Users\Ryuu\Downloads\Windows6.1-KB976586-x86.msu
2012-07-28 01:20 - 2012-07-28 20:07 - 00000000 ____D C:\4e4dd3ab32a9b8fe7501dbe8dbd4f4
2012-07-28 01:19 - 2012-07-28 01:21 - 282001408 ____A C:\Users\Ryuu\Downloads\kav_rescue_10_2.iso
2012-07-28 00:46 - 2012-07-28 00:46 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\Systweak
2012-07-28 00:45 - 2012-07-28 20:07 - 00000000 ____D C:\Program Files (x86)\Advanced System Optimizer 3
2012-07-28 00:45 - 2012-07-28 00:45 - 00000000 ____D C:\Users\Ryuu\Desktop\SPC_Report
2012-07-28 00:38 - 2012-07-28 20:07 - 00000000 ____D C:\Users\Ryuu\Desktop\Advanced System Optimizer 3.2.648.11676 (32+64 bit) + Multilingual + SERIAL KEY
2012-07-28 00:36 - 2012-07-28 00:38 - 12061016 ____A C:\Users\Ryuu\Downloads\Advanced System Optimizer 3.2.648.11676 (32+64 bit) + Multilingual + SERIAL KEY.rar
2012-07-27 23:55 - 2012-07-27 23:55 - 00000123 ____A C:\Users\Ryuu\Desktop\Microsoft Fix it.url
2012-07-27 23:53 - 2012-07-27 23:53 - 00347424 ____A (Microsoft Corporation) C:\Users\Ryuu\Downloads\MicrosoftFixit.WindowsFirewall.RNP.15626689280230514.1.1.Run.exe
2012-07-27 23:51 - 2012-07-27 23:54 - 00003221 ____A C:\Windows\WindowsUpdate.log
2012-07-27 23:51 - 2012-07-27 23:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-27 23:51 - 2012-07-27 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-27 23:50 - 2012-07-27 23:51 - 12621696 ____A (Microsoft Corporation) C:\Users\Ryuu\Downloads\mseinstall.exe
2012-07-27 23:49 - 2012-07-27 23:49 - 00201030 ____A C:\Users\Ryuu\Downloads\lspfix.zip
2012-07-27 19:09 - 2012-07-27 19:42 - 585384918 ____A C:\Users\Ryuu\Downloads\[HorribleSubs] Fairy Tail - 141 [1080p].mkv
2012-07-27 02:51 - 2012-07-27 02:51 - 00000950 ____A C:\Users\Public\Desktop\Alcohol 120%.lnk
2012-07-27 02:41 - 2012-07-29 00:51 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
2012-07-27 02:41 - 2012-07-27 02:51 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
2012-07-27 02:41 - 2012-07-27 02:41 - 00739856 ____A (Google Inc.) C:\Users\Ryuu\Downloads\ChromeSetup.exe
2012-07-27 02:34 - 2012-07-27 02:34 - 00980480 ____A C:\Users\Ryuu\Downloads\MicrosoftFixit50267.msi
2012-07-26 21:10 - 2012-07-26 21:10 - 00000000 ____A C:\Windows\SysWOW64\shoC467.tmp
2012-07-26 20:43 - 2012-07-26 21:16 - 553837264 ____A C:\Users\Ryuu\Downloads\[HorribleSubs] Naruto Shippuuden - 271 [1080p].mkv
2012-07-26 20:22 - 2012-07-26 20:23 - 10198728 ____A (Adobe Systems Incorporated) C:\Users\Ryuu\Downloads\flashplayer11-4_p1_install_win_pi_071612.exe
2012-07-26 04:09 - 2012-07-26 04:09 - 00000000 ____D C:\Users\Mike\AppData\Local\{9848E4D9-E6BA-43AE-8509-D95A92F78A2A}
2012-07-26 04:09 - 2012-07-26 04:09 - 00000000 ____D C:\Users\Mike\AppData\Local\{54EF4436-78A2-424C-A27C-22A622D64C27}
2012-07-26 01:33 - 2012-07-26 01:35 - 00000000 ____D C:\Users\Ryuu\Downloads\ESET NOD32 Smart Security v5.0.93.7 Final (x86 & x64)
2012-07-25 23:04 - 2012-07-25 23:26 - 00000000 ____D C:\Users\Ryuu\Downloads\The.Karate.Kid.2010.DVDRip.XviD-TDM.[UsaBit.com]
2012-07-25 22:57 - 2012-07-25 22:59 - 00000000 ____D C:\Users\Ryuu\Downloads\Hancock[2008]DvDrip-aXXo
2012-07-25 07:28 - 2012-07-25 07:28 - 00000000 ____A C:\Windows\SysWOW64\shoCA95.tmp
2012-07-25 01:39 - 2012-07-25 01:40 - 00000000 ____D C:\Users\Mike\AppData\Local\{0CBEC15D-A26E-46F0-A439-8B668A5A584E}
2012-07-25 01:39 - 2012-07-25 01:39 - 00000000 ____D C:\Users\Mike\AppData\Local\{744B44C2-9764-48D8-B1D6-17DE62A5F7A5}
2012-07-25 00:27 - 2012-07-25 00:27 - 00003352 ____N C:\bootsqm.dat
2012-07-24 06:50 - 2012-07-25 22:49 - 00000000 ____D C:\Users\Ryuu\Downloads\I.Am.Legend[2007]DvDrip[Eng]-aXXo
2012-07-24 06:39 - 2012-07-29 00:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-24 06:39 - 2012-07-24 06:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-24 06:39 - 2012-07-24 06:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-24 06:38 - 2012-07-24 06:38 - 09822920 ____A (Adobe Systems Incorporated) C:\Users\Ryuu\Downloads\install_flash_player.exe
2012-07-24 03:21 - 2012-07-24 03:21 - 00063886 ____A C:\Users\Mike\Downloads\TOTALLYBOREED
2012-07-23 22:30 - 2012-07-23 22:30 - 00000000 ____D C:\Users\Mike\AppData\Local\{8D658D3E-048C-44AD-ABAA-711775EE882C}
2012-07-23 22:30 - 2012-07-23 22:30 - 00000000 ____D C:\Users\Mike\AppData\Local\{5161F28F-5A4A-4280-B11B-D857B0E81C1A}
2012-07-23 21:26 - 2012-07-23 21:26 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-07-23 21:25 - 2012-07-05 06:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-23 21:25 - 2012-07-05 06:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-23 21:24 - 2012-07-23 21:25 - 06723616 ____A (Adobe Systems Inc.) C:\Users\Ryuu\Downloads\Shockwave_Installer_Slim.exe
2012-07-23 21:24 - 2012-07-23 21:24 - 00893936 ____A (Oracle Corporation) C:\Users\Ryuu\Downloads\jxpiinstall.exe
2012-07-23 21:02 - 2012-07-23 21:02 - 00650240 ____A C:\Users\Ryuu\Downloads\MicrosoftFixit50199.msi
2012-07-23 20:56 - 2012-07-23 20:56 - 00641253 ____A C:\Users\Ryuu\Downloads\ ??????????? (SAO) [Crossing field].mp4
2012-07-23 01:16 - 2012-07-23 01:16 - 07275072 ____A (Dark Byte ) C:\Users\Ryuu\Downloads\CheatEngine62.exe
2012-07-23 01:16 - 2012-07-23 01:16 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2
2012-07-23 01:15 - 2012-07-16 01:07 - 00099328 ____A C:\Users\Ryuu\Desktop\Trainer.EXE
2012-07-23 01:14 - 2012-07-23 01:14 - 00062345 ____A C:\Users\Ryuu\Downloads\YS Origin STEAM Update 3 +6 Trainer.rar
2012-07-23 00:22 - 2012-07-23 00:22 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\FALCOM
2012-07-23 00:20 - 2012-07-23 00:20 - 00001261 ____A C:\Users\Ryuu\Downloads\Ys Origin.CT
2012-07-23 00:19 - 2012-07-23 00:19 - 00011366 ____A C:\Users\Ryuu\Downloads\YSO_Mini_Image.rar
2012-07-23 00:19 - 2007-10-07 08:32 - 00831488 ____A C:\Users\Ryuu\Desktop\YSO_Mini_Image.iso
2012-07-23 00:17 - 2007-03-14 05:33 - 00000000 ____D C:\Users\Ryuu\Desktop\yso_1100
2012-07-22 23:53 - 2012-07-22 23:53 - 00000000 ____D C:\Users\All Users\RELOADED
2012-07-22 23:51 - 2012-07-22 23:51 - 00000790 ____A C:\Users\Public\Desktop\Ys Origin.lnk
2012-07-22 23:50 - 2012-07-22 23:53 - 00000000 ____D C:\Program Files (x86)\Ys Origin
2012-07-22 02:48 - 2012-07-22 02:48 - 00000000 ____D C:\Users\Mike\AppData\Local\{C61B5BA8-BED9-4BA5-A82A-92B12C2FEFB4}
2012-07-22 02:47 - 2012-07-22 02:48 - 00000000 ____D C:\Users\Mike\AppData\Local\{17E23103-E7DF-4588-95D8-18142A052C03}
2012-07-21 23:31 - 2012-07-22 23:50 - 00000000 ____D C:\Users\Ryuu\Desktop\Patch
2012-07-21 23:31 - 2010-02-10 11:08 - 00001068 ____A C:\Users\Ryuu\Desktop\Instructions.txt
2012-07-21 22:31 - 2012-07-21 23:53 - 00000000 ____D C:\Users\Ryuu\Desktop\Company of heroes image
2012-07-21 07:32 - 2012-07-21 07:32 - 00000000 ____D C:\Users\Mike\AppData\Local\Activision
2012-07-21 05:58 - 2012-07-21 05:58 - 00000000 ____D C:\Users\Mike\AppData\Local\{343DFACB-6D68-4544-8F9D-C2C95D5A4D8C}
2012-07-21 05:58 - 2012-07-21 05:58 - 00000000 ____D C:\Users\Mike\AppData\Local\{18902BDE-E91B-47E0-90D2-227DF51529B8}
2012-07-21 04:36 - 2012-07-21 04:36 - 00005532 ____A C:\Users\Ryuu\Downloads\777 We can sing a song~ lyrics.txt
2012-07-21 01:24 - 2012-07-21 01:24 - 00073622 ____A C:\Users\Ryuu\Downloads\bws-0637.rar
2012-07-21 01:24 - 2010-11-11 17:14 - 00412672 ____A C:\Users\Ryuu\Desktop\bw-codbo.exe
2012-07-21 01:24 - 2010-11-11 02:58 - 00011057 ____A C:\Users\Ryuu\Desktop\BReWErS.nfo
2012-07-21 01:21 - 2012-07-21 01:21 - 00000000 ____D C:\Users\Ryuu\AppData\Local\Activision
2012-07-21 01:00 - 2012-07-21 01:00 - 00002214 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
2012-07-21 01:00 - 2012-07-21 01:00 - 00002200 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
2012-07-21 00:55 - 2012-07-21 00:59 - 00000000 ____D C:\Users\Ryuu\Downloads\Call Of Duty Black Ops Updates 1-2-3-4-5-6 + Cracks {HotIce}
2012-07-21 00:52 - 2012-07-21 00:52 - 00000000 ____D C:\Users\Ryuu\Downloads\(PC) Call of Duty Black Ops + crack (SKIDROW)
2012-07-21 00:17 - 2012-07-21 00:18 - 03791728 ____A C:\Users\Ryuu\Downloads\BlackOps_by_GradenT_[Update_5-6]_[+23].rar
2012-07-21 00:13 - 2010-12-17 08:13 - 68058032 ____A ( ) C:\Users\Ryuu\Downloads\Call.of.Duty.Black.Ops.Update.4.exe
2012-07-21 00:13 - 2010-12-17 08:13 - 00019625 ____A C:\Users\Ryuu\Downloads\skidrow.nfo
2012-07-21 00:13 - 2010-12-17 08:13 - 00000000 ____D C:\Users\Ryuu\Downloads\SKIDROW
2012-07-20 23:47 - 2010-11-13 03:09 - 00000000 ____D C:\Users\Ryuu\Downloads\sr-cod71-Mbb
2012-07-20 23:46 - 2010-12-01 05:06 - 00000000 ____D C:\Users\Ryuu\Downloads\sr-cod723-Mbb
2012-07-20 23:42 - 2012-07-21 00:03 - 00000000 ____D C:\Users\Ryuu\Downloads\Call.of.Duty.Black.Ops.Update.4.Read.Nfo-SKIDROW
2012-07-20 23:42 - 2012-07-20 23:50 - 00000000 ____D C:\Users\Ryuu\Downloads\Call.of.Duty.Black.Ops.Update.5.and.6-SKIDROW [ALEX]
2012-07-20 23:40 - 2012-07-20 23:44 - 15809643 ____A C:\Users\Ryuu\Downloads\sr-cod723-Mbb.rar
2012-07-20 23:40 - 2012-07-20 23:44 - 14468514 ____A C:\Users\Ryuu\Downloads\sr-cod71-Mbb.rar
2012-07-20 23:11 - 2012-07-20 23:11 - 00000000 ____D C:\Program Files (x86)\Activision
2012-07-20 22:47 - 2010-11-09 01:09 - 3523459072 ____A C:\Users\Ryuu\Desktop\sr-codbo.iso
2012-07-20 08:48 - 2012-07-27 20:12 - 00001211 ____A C:\Users\Ryuu\Documents\ax_files.xml
2012-07-20 04:03 - 2012-07-20 04:03 - 00000000 ____D C:\Users\Mike\AppData\Local\Wondershare
2012-07-20 03:27 - 2012-07-28 20:22 - 00000000 ____D C:\Users\Ryuu\Desktop\Company of heroes trainer
2012-07-20 01:57 - 2012-07-20 01:57 - 00000000 ____D C:\Users\Ryuu\Downloads\Company of Heroes Tales of Valor [Uploaded By SunShine®]
2012-07-20 01:55 - 2012-07-28 20:22 - 00000000 ____D C:\Program Files (x86)\smartdl
2012-07-20 01:55 - 2012-07-20 01:55 - 00000000 ____D C:\Program Files (x86)\TorrentSearch
2012-07-20 01:54 - 2012-07-20 01:54 - 00191444 ____A C:\Users\Ryuu\Downloads\COMPANY_OF_HEROES_TALES_OF_VALOR_MEGA_TRAINER_2_602_rar.exe
2012-07-20 01:53 - 2012-07-20 01:53 - 00009324 ___RA C:\Users\Ryuu\RelicCOH_TOV_v2602.CT
2012-07-20 01:50 - 2012-07-20 01:50 - 03020105 ____A C:\Users\Ryuu\Downloads\Company_of_Heroes_-_ToV_v2.602_+_9_Trainer.rar
2012-07-20 01:43 - 2012-07-20 01:43 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2012-07-20 01:37 - 2012-07-20 01:37 - 00834544 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-07-20 01:36 - 2012-07-20 01:36 - 00000000 ____D C:\Users\Ryuu\Downloads\Alcohol 120 v2.0.0.1331+Patch(Works with w7) [ kk ]
2012-07-20 01:32 - 2012-07-20 01:32 - 02416536 ____A C:\Users\Ryuu\Downloads\Company_of_Heroes_Tales_of_Valor_NoCDNoDVD_[2.602].7z
2012-07-20 01:20 - 2012-07-20 01:20 - 00290128 ____A C:\Users\Ryuu\Downloads\Ys.Origins-RELOADED_PublicHD.exe
2012-07-20 00:38 - 2009-04-11 01:27 - 00001659 ____A C:\Users\Ryuu\Desktop\NS-TOV_DC-poseden.nfo
2012-07-20 00:30 - 2012-07-20 00:56 - 164254690 ____A C:\Users\Ryuu\Downloads\EN_2601_2602_Patch.exe
2012-07-20 00:28 - 2012-07-20 00:56 - 28143440 ____A C:\Users\Ryuu\Downloads\EN_2600_2601_Patch.exe
2012-07-19 23:59 - 2009-07-13 11:25 - 00000000 ____D C:\Users\Ryuu\validators
2012-07-19 23:59 - 2009-07-09 19:10 - 00001349 ____A C:\Users\Ryuu\readme.txt
2012-07-19 23:59 - 2009-07-09 18:40 - 09267008 ____A (THQ Canada Inc.) C:\Users\Ryuu\RelicCOH.exe
2012-07-19 23:04 - 2012-07-19 23:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2012-07-19 23:04 - 2012-07-19 23:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2012-07-19 07:37 - 2012-07-19 07:39 - 00000000 ____D C:\Users\Ryuu\Downloads\Company Of Heroes Tales Of Valor Crack Only - RELOADED
2012-07-19 07:02 - 2012-07-19 23:09 - 00000000 ____D C:\Users\Ryuu\Downloads\Call.of.Duty.Black.Ops-SKIDROW
2012-07-19 06:23 - 2012-07-19 06:24 - 47593217 ____A C:\Users\Ryuu\Downloads\EN_2502_2600_Patch.exe
2012-07-19 06:22 - 2012-07-19 06:24 - 32765297 ____A C:\Users\Ryuu\Downloads\EN_2501_2502_Patch.exe
2012-07-19 03:37 - 2012-07-19 03:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-19 03:15 - 2012-07-19 03:19 - 112496474 ____A C:\Users\Ryuu\Downloads\EN_2500_2501_Patch.exe
2012-07-19 02:51 - 2012-07-19 03:09 - 00000000 ____D C:\Users\Ryuu\Downloads\Crack
2012-07-18 08:12 - 2012-07-28 20:22 - 00000000 ____D C:\Users\Ryuu\Downloads\TuneUp.Utilities.2012.v12.0.2160.13.Incl.Keymaker-CORE
2012-07-18 02:36 - 2012-07-18 02:36 - 00007014 ____A C:\Users\Ryuu\Downloads\SpecOpsTheLine_v10.CT
2012-07-18 01:52 - 2012-06-26 12:32 - 18679808 ____A (Take-Two Interactive Software, Inc.) C:\Users\Ryuu\SpecOpsTheLine.exe
2012-07-18 01:52 - 2012-06-26 12:32 - 00359424 ____A (SKIDROW) C:\Users\Ryuu\Steamclient.dll
2012-07-18 01:52 - 2012-06-26 12:32 - 00124296 ____A (Valve Corporation) C:\Users\Ryuu\steam_api.dll
2012-07-18 01:50 - 2012-07-18 01:50 - 00000000 __SHD C:\Windows\ftpcache
2012-07-18 01:47 - 2012-07-18 01:47 - 00002448 ____A C:\Users\Ryuu\Desktop\Spec Ops The Line.lnk
2012-07-18 01:47 - 2012-07-18 01:47 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\Spec Ops The Line
2012-07-18 01:39 - 2012-07-19 03:33 - 00000000 ____D C:\Users\Ryuu\Desktop\Patches
2012-07-18 01:19 - 2012-07-18 01:19 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2012-07-17 07:43 - 2012-07-17 07:43 - 00000000 ____D C:\Users\Ryuu\Downloads\Xilisoft Video Converter Platinum 7.3.0.20120529 + Serial
2012-07-17 07:15 - 2012-07-27 06:10 - 47692675 ____A C:\Users\Ryuu\Downloads\xivico7.3.zip
2012-07-16 05:27 - 2012-07-16 05:27 - 00000000 ____A C:\Windows\SysWOW64\sho29FA.tmp
2012-07-16 02:39 - 2012-07-16 02:53 - 00000000 ____D C:\Users\Ryuu\Documents\Wondershare Video Converter Ultimate
2012-07-16 02:39 - 2012-07-16 02:39 - 00001419 ____A C:\Users\Ryuu\Desktop\Wondershare Video Converter Ultimate.lnk
2012-07-16 02:39 - 2012-07-16 02:39 - 00000000 ____D C:\Users\Ryuu\AppData\Roaming\Wondershare Video Converter Ultimate
2012-07-16 02:39 - 2012-07-16 02:39 - 00000000 ____D C:\Users\Ryuu\AppData\Local\Wondershare
2012-07-16 02:38 - 2012-07-16 02:38 - 00000000 ____D C:\Users\Ryuu\Downloads\Wondershare.Video.Converter.Ultimate.v5.7.5.Incl.Keygen-Lz0
2012-07-15 17:03 - 2012-07-15 17:03 - 00184891 ____A C:\torrent.exe
2012-07-14 08:47 - 2012-07-14 08:47 - 00000000 ____D C:\Users\Mike\Documents\ArcaniA - Gothic 4
2012-07-14 05:11 - 2012-07-14 08:47 - 00000000 ____D C:\Users\Mike\AppData\Roaming\NVIDIA
2012-07-14 04:42 - 2012-07-14 04:42 - 00000000 ____D C:\Users\Mike\AppData\Local\{DAE40D97-A3F0-48C5-8EF4-340ECF9B12A3}
2012-07-14 04:41 - 2012-07-14 04:42 - 00000000 ____D C:\Users\Mike\AppData\Local\{800D2AF3-81CC-4AF7-B455-E164E9A421E2}
2012-07-14 02:33 - 2012-07-17 11:03 - 2009704706 ____A C:\Users\Ryuu\Downloads\Company Of Heroes (2006) + CoH - Opposing Fronts (2007).rar
2012-07-14 01:22 - 2012-07-14 02:23 - 00000000 ____D C:\Users\Ryuu\Documents\ArcaniA - Gothic 4
2012-07-13 21:27 - 2012-07-15 00:35 - 00000000 ____D C:\Program Files (x86)\JoWooD Entertainment AG
2012-07-13 16:41 - 2012-07-13 16:41 - 00000000 ____D C:\Users\Mike\AppData\Local\{9842B7B9-6B09-41DF-B9E8-786DE7BF94F1}
2012-07-13 16:41 - 2012-07-13 16:41 - 00000000 ____D C:\Users\Mike\AppData\Local\{3A725E55-99FB-49B0-834D-6D33B9739679}
2012-07-13 07:42 - 2012-07-13 07:42 - 00000000 __RHD C:\Users\Ryuu\AppData\Roaming\SecuROM
2012-07-13 03:16 - 2012-07-13 03:16 - 00000000 ____A C:\Windows\SysWOW64\sho933A.tmp
2012-07-13 02:47 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 02:42 - 2012-07-13 02:43 - 00000000 ____D C:\Users\Mike\AppData\Local\{9161B958-5EC3-4E27-9386-D79944872708}
2012-07-13 02:42 - 2012-07-13 02:42 - 00000000 ____D C:\Users\Mike\AppData\Local\{A0213D9D-0D37-43DE-A26D-22344FDEE598}
2012-07-13 02:41 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-13 02:41 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-13 02:41 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-13 02:41 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-13 02:41 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-13 02:41 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-13 02:41 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-13 02:41 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-13 02:41 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-13 02:41 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-13 02:41 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-13 02:41 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-13 02:41 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-13 02:41 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-13 02:41 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-13 02:41 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-13 02:41 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-13 02:41 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-13 02:41 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-13 02:41 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-13 02:41 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-13 02:41 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-13 02:41 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-13 02:41 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-13 02:41 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-13 02:40 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-13 02:40 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-13 02:40 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-13 02:35 - 2012-07-13 03:18 - 00000000 ____D C:\Windows\SysWOW64\NV
2012-07-13 02:35 - 2012-07-13 03:18 - 00000000 ____D C:\Windows\System32\NV
2012-07-12 07:36 - 2012-07-12 07:36 - 00659211 ____A C:\Users\Ryuu\Downloads\RelicCOH.CT
2012-07-12 06:25 - 2012-07-13 02:35 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-07-12 06:25 - 2012-07-12 06:25 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-07-12 06:25 - 2012-05-15 01:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-07-12 06:25 - 2012-05-15 01:29 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-07-12 06:25 - 2012-05-15 01:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-07-12 06:25 - 2012-05-15 01:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-07-12 06:25 - 2012-05-15 01:29 - 00858944 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2012-07-12 06:25 - 2012-05-15 01:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-07-12 06:25 - 2012-05-15 01:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-07-12 06:25 - 2012-05-15 01:29 - 00055616 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2012-07-12 06:25 - 2012-05-15 01:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-07-12 06:25 - 2012-05-11 23:22 - 00000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2008
2012-07-12 06:25 - 2012-05-11 23:20 - 00000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2005
2012-07-12 06:25 - 2012-05-11 23:20 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2012-07-12 06:24 - 2012-07-12 06:24 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-07-12 06:24 - 2012-05-15 02:48 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-07-12 06:24 - 2012-05-15 02:48 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-07-12 06:18 - 2012-05-15 02:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-07-12 06:18 - 2012-05-15 02:48 - 00028992 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2012-07-12 06:18 - 2012-05-15 02:48 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-07-12 04:52 - 2012-07-12 04:52 - 00000000 ____D C:\Users\Mike\AppData\Local\{361641CC-DA41-4980-8A0C-ED2E519EFC5D}
2012-07-12 04:52 - 2012-07-12 04:52 - 00000000 ____D C:\Users\Mike\AppData\Local\{18D2B928-7F9E-442F-9205-CDA5BA7694CB}
2012-07-12 04:23 - 2012-07-12 04:23 - 00003120 ____A C:\Windows\SysWOW64\ALLFSAF8a.ocx
2012-07-12 04:23 - 2012-07-12 04:23 - 00002114 ____A C:\Users\Public\Desktop\LayOut 3.lnk
2012-07-12 04:23 - 2012-07-12 04:23 - 00002029 ____A C:\Users\Public\Desktop\Google SketchUp 8.lnk
2012-07-12 04:19 - 2012-07-28 20:22 - 00000000 ____D C:\Users\Ryuu\Downloads\Google Sketchup 8 with Keygen
2012-07-12 03:15 - 2012-07-12 05:31 - 00000000 ____D C:\Users\Ryuu\Downloads\????@????@????[ONED-136]
2012-07-10 22:55 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 22:55 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 22:55 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 22:55 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 22:55 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 22:55 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 22:55 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 22:55 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 22:54 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 22:54 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 22:54 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 22:54 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 22:54 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 22:54 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 22:54 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 22:54 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 22:54 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 22:54 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 22:54 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 07:04 - 2012-07-10 07:04 - 298992036 ____A C:\Users\Ryuu\Downloads\EX-ANL.mp4
2012-07-09 02:45 - 2007-12-28 21:58 - 23755200 ____A C:\Users\Ryuu\Downloads\Company of Heroes.iso
2012-07-07 23:50 - 2012-07-07 23:50 - 00000000 ____D C:\Users\Mike\AppData\Local\{5D1701F2-79AA-4D47-94FE-9488C5352CFF}
2012-07-07 23:50 - 2012-07-07 23:50 - 00000000 ____D C:\Users\Mike\AppData\Local\{4C12E2F4-07BF-464F-B221-FA16DDAB4095}
2012-07-07 08:28 - 2012-07-07 08:28 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2012-07-07 05:34 - 2010-04-02 19:51 - 00073568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$DRAGONICA-sqlctr10.51.2500.0.dll
2012-07-07 05:32 - 2012-07-07 05:32 - 00000000 ____D C:\Users\Mike\AppData\Local\{50A3E4E4-48C5-4773-8581-CA72831FC400}
2012-07-07 05:32 - 2012-07-07 05:32 - 00000000 ____D C:\Users\Mike\AppData\Local\{03C474F3-F851-40F6-A588-EE00BD6F86D5}
2012-07-07 05:02 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-07 05:02 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-07 04:47 - 2012-07-07 04:47 - 00000000 ____D C:\Program Files (x86)\THQ
2012-07-06 02:29 - 2012-07-06 02:29 - 00000000 ____D C:\Users\Mike\AppData\Local\{F41B1A50-BAB2-47A0-A278-890972A3262D}
2012-07-06 02:29 - 2012-07-06 02:29 - 00000000 ____D C:\Users\Mike\AppData\Local\{347CA914-7402-4971-99C8-6312B8E21DD6}
2012-07-06 00:24 - 2012-07-06 00:24 - 00000000 ____D C:\Users\Mike\AppData\Local\{D5A16A4D-C97D-4236-AA98-F84A04631A2F}
2012-07-04 01:12 - 2012-07-04 01:12 - 00000000 ____A C:\Windows\SysWOW64\sho456C.tmp
2012-07-03 21:15 - 2012-07-03 21:15 - 00000000 ____D C:\Users\Mike\AppData\Local\{9333AC1F-D027-45BF-BD23-C4C06017B527}
2012-07-03 21:13 - 2012-07-03 21:15 - 00000000 ____D C:\Users\Mike\AppData\Local\{7E9D2A0D-09A9-4ED2-8855-21BE27730916}
2012-07-01 00:42 - 2012-07-01 00:43 - 00000000 ____D C:\Users\Mike\AppData\Local\{3A15D7AC-E1FF-4D86-9BF7-9C9A486482D0}
2012-07-01 00:42 - 2012-07-01 00:42 - 00000000 ____D C:\Users\Mike\AppData\Local\{6EBD30FC-A9C1-41C0-8BDE-F199B901448D}
2012-06-30 04:25 - 2012-06-30 04:25 - 00000000 ____D C:\Users\Mike\AppData\Local\{D3B5A1EA-0DDB-4752-8A79-92A5CBF47AD1}
2012-06-30 04:24 - 2012-06-30 04:25 - 00000000 ____D C:\Users\Mike\AppData\Local\{6BCCD5BE-DFF7-48FE-B3AD-B6200264B657}
2012-06-30 04:04 - 2012-06-30 04:04 - 00000000 ____A C:\Windows\SysWOW64\sho7BBD.tmp
 
============ 3 Months Modified Files ========================

2012-07-29 08:00 - 2012-07-29 08:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C93AB17FCC9803A1
2012-07-29 08:00 - 2012-07-29 08:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpfwysoc.sys
2012-07-29 07:58 - 2012-07-28 04:23 - 00000728 ____A C:\Windows\setupact.log
2012-07-29 07:58 - 2011-11-22 00:33 - 00000408 ____A C:\Windows\Tasks\Final Media Player Update Checker.job
2012-07-29 07:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-29 07:53 - 2009-07-13 21:13 - 00876922 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 07:45 - 2012-07-29 07:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.708E78416D21F6C8
2012-07-29 07:42 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-29 07:42 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-29 00:53 - 2012-07-29 00:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7CF3CBC5CBD25884
2012-07-29 00:51 - 2012-07-27 02:41 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
2012-07-29 00:47 - 2012-07-29 00:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B70D5861D85AD664
2012-07-29 00:44 - 2012-07-24 06:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-29 00:43 - 2009-07-13 21:08 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-29 00:42 - 2012-07-29 00:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.705B55BB93B186F1
2012-07-28 22:31 - 2012-07-28 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B25ED5FF07112164
2012-07-28 22:29 - 2012-07-28 22:29 - 00002902 ____A C:\Windows\PFRO.log
2012-07-28 22:16 - 2012-07-28 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABD0E22A81008886
2012-07-28 22:10 - 2012-07-28 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04DD8A8E342C08BB
2012-07-28 22:01 - 2012-07-28 22:01 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-28 21:54 - 2012-07-28 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66F487C048984A95
2012-07-28 15:29 - 2012-07-28 15:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.869D5BCC9E8E983A
2012-07-28 04:28 - 2012-07-28 04:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.38BB1D571143E4D0
2012-07-28 04:23 - 2012-07-28 04:23 - 00000000 ____A C:\Windows\setuperr.log
2012-07-28 04:10 - 2011-11-08 00:53 - 00125968 ____A C:\Users\Ryuu\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-28 01:34 - 2012-07-28 01:34 - 00426163 ____A C:\Users\Ryuu\Downloads\Windows6.1-KB976586-x86_2.msu
2012-07-28 01:33 - 2012-07-28 01:33 - 00426163 ____A C:\Users\Ryuu\Downloads\Windows6.1-KB976586-x86.msu
2012-07-28 01:21 - 2012-07-28 01:19 - 282001408 ____A C:\Users\Ryuu\Downloads\kav_rescue_10_2.iso
2012-07-28 00:38 - 2012-07-28 00:36 - 12061016 ____A C:\Users\Ryuu\Downloads\Advanced System Optimizer 3.2.648.11676 (32+64 bit) + Multilingual + SERIAL KEY.rar
2012-07-27 23:55 - 2012-07-27 23:55 - 00000123 ____A C:\Users\Ryuu\Desktop\Microsoft Fix it.url
2012-07-27 23:54 - 2012-07-27 23:51 - 00003221 ____A C:\Windows\WindowsUpdate.log
2012-07-27 23:54 - 2011-12-07 19:19 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 23:53 - 2012-07-27 23:53 - 00347424 ____A (Microsoft Corporation) C:\Users\Ryuu\Downloads\MicrosoftFixit.WindowsFirewall.RNP.15626689280230514.1.1.Run.exe
2012-07-27 23:51 - 2012-07-27 23:50 - 12621696 ____A (Microsoft Corporation) C:\Users\Ryuu\Downloads\mseinstall.exe
2012-07-27 23:51 - 2012-01-23 02:03 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
2012-07-27 23:51 - 2011-11-19 23:06 - 00882768 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-27 23:49 - 2012-07-27 23:49 - 00201030 ____A C:\Users\Ryuu\Downloads\lspfix.zip
2012-07-27 22:57 - 2011-12-23 08:06 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005UA.job
2012-07-27 20:12 - 2012-07-20 08:48 - 00001211 ____A C:\Users\Ryuu\Documents\ax_files.xml
2012-07-27 19:42 - 2012-07-27 19:09 - 585384918 ____A C:\Users\Ryuu\Downloads\[HorribleSubs] Fairy Tail - 141 [1080p].mkv
2012-07-27 07:45 - 2011-11-18 18:11 - 00005344 ____A C:\Windows\SysWOW64\debug.log
2012-07-27 06:10 - 2012-07-17 07:15 - 47692675 ____A C:\Users\Ryuu\Downloads\xivico7.3.zip
2012-07-27 04:57 - 2011-12-23 08:06 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005Core.job
2012-07-27 02:51 - 2012-07-27 02:51 - 00000950 ____A C:\Users\Public\Desktop\Alcohol 120%.lnk
2012-07-27 02:51 - 2012-07-27 02:41 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
2012-07-27 02:51 - 2012-01-23 02:03 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
2012-07-27 02:41 - 2012-07-27 02:41 - 00739856 ____A (Google Inc.) C:\Users\Ryuu\Downloads\ChromeSetup.exe
2012-07-27 02:34 - 2012-07-27 02:34 - 00980480 ____A C:\Users\Ryuu\Downloads\MicrosoftFixit50267.msi
2012-07-26 21:16 - 2012-07-26 20:43 - 553837264 ____A C:\Users\Ryuu\Downloads\[HorribleSubs] Naruto Shippuuden - 271 [1080p].mkv
2012-07-26 21:10 - 2012-07-26 21:10 - 00000000 ____A C:\Windows\SysWOW64\shoC467.tmp
2012-07-26 20:24 - 2011-12-17 08:39 - 01851392 ____A C:\Users\Ryuu\Documents\MyCalendar.ecfx
2012-07-26 20:23 - 2012-07-26 20:22 - 10198728 ____A (Adobe Systems Incorporated) C:\Users\Ryuu\Downloads\flashplayer11-4_p1_install_win_pi_071612.exe
2012-07-26 20:04 - 2011-11-24 07:13 - 00000024 ____A C:\Windows\LogonStudio.ini
2012-07-25 07:28 - 2012-07-25 07:28 - 00000000 ____A C:\Windows\SysWOW64\shoCA95.tmp
2012-07-25 00:37 - 2012-02-28 05:27 - 00002411 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2012-07-25 00:27 - 2012-07-25 00:27 - 00003352 ____N C:\bootsqm.dat
2012-07-24 06:39 - 2012-07-24 06:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-24 06:39 - 2012-07-24 06:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-24 06:38 - 2012-07-24 06:38 - 09822920 ____A (Adobe Systems Incorporated) C:\Users\Ryuu\Downloads\install_flash_player.exe
2012-07-24 03:21 - 2012-07-24 03:21 - 00063886 ____A C:\Users\Mike\Downloads\TOTALLYBOREED
2012-07-23 21:25 - 2012-07-23 21:24 - 06723616 ____A (Adobe Systems Inc.) C:\Users\Ryuu\Downloads\Shockwave_Installer_Slim.exe
2012-07-23 21:25 - 2012-04-08 07:28 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-23 21:25 - 2012-04-08 07:28 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-23 21:24 - 2012-07-23 21:24 - 00893936 ____A (Oracle Corporation) C:\Users\Ryuu\Downloads\jxpiinstall.exe
2012-07-23 21:02 - 2012-07-23 21:02 - 00650240 ____A C:\Users\Ryuu\Downloads\MicrosoftFixit50199.msi
2012-07-23 20:56 - 2012-07-23 20:56 - 00641253 ____A C:\Users\Ryuu\Downloads\ ??????????? (SAO) [Crossing field].mp4
2012-07-23 01:16 - 2012-07-23 01:16 - 07275072 ____A (Dark Byte ) C:\Users\Ryuu\Downloads\CheatEngine62.exe
2012-07-23 01:14 - 2012-07-23 01:14 - 00062345 ____A C:\Users\Ryuu\Downloads\YS Origin STEAM Update 3 +6 Trainer.rar
2012-07-23 00:20 - 2012-07-23 00:20 - 00001261 ____A C:\Users\Ryuu\Downloads\Ys Origin.CT
2012-07-23 00:19 - 2012-07-23 00:19 - 00011366 ____A C:\Users\Ryuu\Downloads\YSO_Mini_Image.rar
2012-07-22 23:51 - 2012-07-22 23:51 - 00000790 ____A C:\Users\Public\Desktop\Ys Origin.lnk
2012-07-21 04:36 - 2012-07-21 04:36 - 00005532 ____A C:\Users\Ryuu\Downloads\777 We can sing a song~ lyrics.txt
2012-07-21 01:24 - 2012-07-21 01:24 - 00073622 ____A C:\Users\Ryuu\Downloads\bws-0637.rar
2012-07-21 01:00 - 2012-07-21 01:00 - 00002214 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
2012-07-21 01:00 - 2012-07-21 01:00 - 00002200 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
2012-07-21 00:18 - 2012-07-21 00:17 - 03791728 ____A C:\Users\Ryuu\Downloads\BlackOps_by_GradenT_[Update_5-6]_[+23].rar
2012-07-20 23:44 - 2012-07-20 23:40 - 15809643 ____A C:\Users\Ryuu\Downloads\sr-cod723-Mbb.rar
2012-07-20 23:44 - 2012-07-20 23:40 - 14468514 ____A C:\Users\Ryuu\Downloads\sr-cod71-Mbb.rar
2012-07-20 01:54 - 2012-07-20 01:54 - 00191444 ____A C:\Users\Ryuu\Downloads\COMPANY_OF_HEROES_TALES_OF_VALOR_MEGA_TRAINER_2_602_rar.exe
2012-07-20 01:53 - 2012-07-20 01:53 - 00009324 ___RA C:\Users\Ryuu\RelicCOH_TOV_v2602.CT
2012-07-20 01:50 - 2012-07-20 01:50 - 03020105 ____A C:\Users\Ryuu\Downloads\Company_of_Heroes_-_ToV_v2.602_+_9_Trainer.rar
2012-07-20 01:37 - 2012-07-20 01:37 - 00834544 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-07-20 01:32 - 2012-07-20 01:32 - 02416536 ____A C:\Users\Ryuu\Downloads\Company_of_Heroes_Tales_of_Valor_NoCDNoDVD_[2.602].7z
2012-07-20 01:20 - 2012-07-20 01:20 - 00290128 ____A C:\Users\Ryuu\Downloads\Ys.Origins-RELOADED_PublicHD.exe
2012-07-20 00:56 - 2012-07-20 00:30 - 164254690 ____A C:\Users\Ryuu\Downloads\EN_2601_2602_Patch.exe
2012-07-20 00:56 - 2012-07-20 00:28 - 28143440 ____A C:\Users\Ryuu\Downloads\EN_2600_2601_Patch.exe
2012-07-19 06:24 - 2012-07-19 06:23 - 47593217 ____A C:\Users\Ryuu\Downloads\EN_2502_2600_Patch.exe
2012-07-19 06:24 - 2012-07-19 06:22 - 32765297 ____A C:\Users\Ryuu\Downloads\EN_2501_2502_Patch.exe
2012-07-19 03:19 - 2012-07-19 03:15 - 112496474 ____A C:\Users\Ryuu\Downloads\EN_2500_2501_Patch.exe
2012-07-18 02:36 - 2012-07-18 02:36 - 00007014 ____A C:\Users\Ryuu\Downloads\SpecOpsTheLine_v10.CT
2012-07-18 01:47 - 2012-07-18 01:47 - 00002448 ____A C:\Users\Ryuu\Desktop\Spec Ops The Line.lnk
2012-07-17 11:03 - 2012-07-14 02:33 - 2009704706 ____A C:\Users\Ryuu\Downloads\Company Of Heroes (2006) + CoH - Opposing Fronts (2007).rar
2012-07-16 05:27 - 2012-07-16 05:27 - 00000000 ____A C:\Windows\SysWOW64\sho29FA.tmp
2012-07-16 02:39 - 2012-07-16 02:39 - 00001419 ____A C:\Users\Ryuu\Desktop\Wondershare Video Converter Ultimate.lnk
2012-07-16 01:07 - 2012-07-23 01:15 - 00099328 ____A C:\Users\Ryuu\Desktop\Trainer.EXE
2012-07-16 00:21 - 2012-01-24 23:17 - 00086528 __ASH C:\Users\Ryuu\Documents\Thumbs.db
2012-07-15 17:03 - 2012-07-15 17:03 - 00184891 ____A C:\torrent.exe
2012-07-13 03:18 - 2009-07-13 20:45 - 00459728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-13 03:16 - 2012-07-13 03:16 - 00000000 ____A C:\Windows\SysWOW64\sho933A.tmp
2012-07-13 02:41 - 2011-12-05 09:54 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-12 07:36 - 2012-07-12 07:36 - 00659211 ____A C:\Users\Ryuu\Downloads\RelicCOH.CT
2012-07-12 06:25 - 2012-07-12 06:25 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-07-12 04:23 - 2012-07-12 04:23 - 00003120 ____A C:\Windows\SysWOW64\ALLFSAF8a.ocx
2012-07-12 04:23 - 2012-07-12 04:23 - 00002114 ____A C:\Users\Public\Desktop\LayOut 3.lnk
2012-07-12 04:23 - 2012-07-12 04:23 - 00002029 ____A C:\Users\Public\Desktop\Google SketchUp 8.lnk
2012-07-12 03:00 - 2012-04-19 04:00 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-10 07:04 - 2012-07-10 07:04 - 298992036 ____A C:\Users\Ryuu\Downloads\EX-ANL.mp4
2012-07-07 22:09 - 2012-06-28 22:37 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-07 22:09 - 2011-12-06 02:25 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-07 08:28 - 2012-07-07 08:28 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2012-07-05 06:06 - 2012-07-23 21:25 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 06:06 - 2012-07-23 21:25 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 06:06 - 2011-11-08 22:37 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-04 01:12 - 2012-07-04 01:12 - 00000000 ____A C:\Windows\SysWOW64\sho456C.tmp
2012-07-03 03:30 - 2011-12-06 02:25 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-02 21:46 - 2012-07-28 22:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 04:04 - 2012-06-30 04:04 - 00000000 ____A C:\Windows\SysWOW64\sho7BBD.tmp
2012-06-28 21:54 - 2011-12-06 02:25 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-06-27 01:03 - 2012-06-27 01:03 - 00000000 ____A C:\Windows\SysWOW64\shoC66B.tmp
2012-06-26 12:32 - 2012-07-18 01:52 - 18679808 ____A (Take-Two Interactive Software, Inc.) C:\Users\Ryuu\SpecOpsTheLine.exe
2012-06-26 12:32 - 2012-07-18 01:52 - 00359424 ____A (SKIDROW) C:\Users\Ryuu\Steamclient.dll
2012-06-26 12:32 - 2012-07-18 01:52 - 00124296 ____A (Valve Corporation) C:\Users\Ryuu\steam_api.dll
2012-06-25 21:12 - 2012-06-25 21:12 - 00001164 ____A C:\Users\Ryuu\Desktop\PC Wizard 2012.lnk
2012-06-22 04:38 - 2012-06-22 04:38 - 00002231 ____A C:\Users\Mike\Desktop\Fable - The Lost Chapters.lnk
2012-06-22 04:38 - 2012-06-22 04:38 - 00002231 ____A C:\Users\Guest\Desktop\Fable - The Lost Chapters.lnk
2012-06-22 02:49 - 2012-06-22 02:49 - 00001186 ____A C:\Users\Mike\Desktop\MID Converter 4.2.lnk
2012-06-22 02:49 - 2012-06-22 02:49 - 00001186 ____A C:\Users\Guest\Desktop\MID Converter 4.2.lnk
2012-06-21 00:37 - 2012-06-21 00:37 - 03166792 ____N C:\Windows\SysWOW64\pbsvc.exe
2012-06-21 00:29 - 2012-06-21 00:29 - 00000000 ____A C:\Windows\SysWOW64\sho5254.tmp
2012-06-20 07:38 - 2012-03-15 09:45 - 00001897 ____A C:\user.js
2012-06-20 06:00 - 2012-06-20 06:00 - 00000000 ____A C:\Windows\SysWOW64\sho6748.tmp
2012-06-19 18:11 - 2012-06-19 18:12 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-19 18:11 - 2012-06-19 18:12 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-19 18:11 - 2012-06-19 18:12 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-19 18:11 - 2012-06-19 18:12 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-19 18:11 - 2012-06-19 18:12 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-17 10:41 - 2012-06-17 10:41 - 00001241 ____A C:\Users\Ryuu\Desktop\AVS Video Converter.lnk
2012-06-15 19:25 - 2012-06-15 19:25 - 00000000 ____A C:\Windows\SysWOW64\sho5BF6.tmp
2012-06-15 17:04 - 2012-06-15 17:04 - 00000000 ____A C:\Windows\SysWOW64\sho40F7.tmp
2012-06-15 16:42 - 2012-06-15 16:42 - 00001324 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2012-06-14 06:22 - 2012-06-14 05:47 - 00000023 ____A C:\Windows\BlendSettings.ini
2012-06-12 10:22 - 2012-06-12 10:22 - 00000000 ____A C:\Windows\SysWOW64\sho4E24.tmp
2012-06-11 19:08 - 2012-07-13 02:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:52 - 2012-06-11 10:52 - 00000000 ____A C:\Windows\SysWOW64\sho21D3.tmp
2012-06-10 08:21 - 2012-06-10 08:21 - 00021504 ____A C:\Windows\jestertb.dll
2012-06-08 21:43 - 2012-07-10 22:55 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 22:55 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 00:53 - 2012-06-07 00:53 - 00000000 ____A C:\Windows\SysWOW64\shoB6C2.tmp
2012-06-05 22:06 - 2012-07-10 22:55 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 22:55 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 22:54 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 22:55 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 22:55 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 22:54 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 11:24 - 2012-06-05 11:24 - 00000000 ____A C:\Windows\SysWOW64\sho9A96.tmp
2012-06-02 14:19 - 2012-06-18 18:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 18:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 18:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 18:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 18:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 18:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 18:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 10:46 - 2012-05-27 22:34 - 00000040 ___AH C:\Users\Ryuu\Desktop\x_acii_keys.xtr
2012-06-02 04:49 - 2012-07-13 02:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-13 02:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-13 02:41 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-13 02:41 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-13 02:41 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-13 02:41 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-13 02:41 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-13 02:41 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-13 02:41 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-13 02:41 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-13 02:41 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-13 02:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-13 02:41 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-13 02:41 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-13 02:41 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-13 02:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-13 02:41 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-13 02:41 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-13 02:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-13 02:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-13 02:41 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-13 02:41 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-13 02:41 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-13 02:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-13 02:41 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-13 02:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-13 02:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-13 02:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 23:29 - 2012-06-01 23:29 - 00000000 ____A C:\Windows\SysWOW64\shoA952.tmp
2012-06-01 23:19 - 2012-06-18 18:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 23:15 - 2012-06-18 18:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-10 22:54 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 22:54 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 22:54 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 22:54 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 22:54 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 22:54 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 22:54 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 22:54 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 22:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-30 20:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 10:16 - 2012-05-30 10:16 - 00000000 ____A C:\Windows\SysWOW64\shoEDD8.tmp
2012-05-29 05:21 - 2012-04-03 03:42 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
2012-05-28 07:38 - 2011-12-13 18:44 - 00000632 _RASH C:\Users\Ryuu\ntuser.pol
2012-05-27 10:48 - 2012-05-27 10:48 - 00000000 ____A C:\Windows\SysWOW64\shoE7B0.tmp
2012-05-26 04:54 - 2012-05-26 04:54 - 00000000 ____A C:\Windows\SysWOW64\sho7087.tmp
2012-05-25 11:23 - 2012-05-25 11:23 - 00000000 ____A C:\Windows\SysWOW64\shoA67C.tmp
2012-05-24 23:01 - 2012-05-24 23:01 - 00001683 ____A C:\Users\Public\Desktop\Dragon Nest.lnk
2012-05-19 23:06 - 2012-05-19 23:06 - 00000000 ____A C:\Windows\SysWOW64\sho3109.tmp
2012-05-19 22:15 - 2012-05-19 22:15 - 00661600 ____A (Wellbia.com Co., Ltd.) C:\Windows\SysWOW64\xsherlock.xem
2012-05-17 20:33 - 2012-05-17 20:33 - 00000387 ___AH C:\IPH.PH
2012-05-17 20:33 - 2012-05-17 20:33 - 00000335 ____A C:\Windows\nsreg.dat
2012-05-17 02:32 - 2012-05-17 02:32 - 00001276 ____A C:\Users\Mike\Desktop\Graboid Video.lnk
2012-05-17 02:32 - 2012-05-17 02:32 - 00001276 ____A C:\Users\Guest\Desktop\Graboid Video.lnk
2012-05-15 02:48 - 2012-07-12 06:24 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-07-12 06:24 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-07-12 06:18 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2012-07-12 06:18 - 00028992 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2012-05-15 02:48 - 2012-07-12 06:18 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2012-07-12 06:25 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2012-07-12 06:25 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2012-07-12 06:25 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 01:29 - 2012-07-12 06:25 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2012-07-12 06:25 - 00858944 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2012-05-15 01:29 - 2012-07-12 06:25 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2012-07-12 06:25 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:29 - 2012-07-12 06:25 - 00055616 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2012-05-15 01:28 - 2012-07-12 06:25 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 21:04 - 2012-05-14 21:04 - 00001317 ____A C:\Users\Mike\Desktop\Yinyuetai Downloader.lnk
2012-05-14 21:04 - 2012-05-14 21:04 - 00001317 ____A C:\Users\Guest\Desktop\Yinyuetai Downloader.lnk
2012-05-14 21:04 - 2012-05-14 21:04 - 00001245 ____A C:\Users\Mike\Desktop\Video Downloader.lnk
2012-05-14 21:04 - 2012-05-14 21:04 - 00001245 ____A C:\Users\Guest\Desktop\Video Downloader.lnk
2012-05-14 05:11 - 2012-05-14 05:11 - 00001975 ____A C:\Users\Mike\Desktop\GamezAion Launcher.lnk
2012-05-14 05:11 - 2012-05-14 05:11 - 00001975 ____A C:\Users\Guest\Desktop\GamezAion Launcher.lnk
2012-05-12 21:34 - 2011-12-13 18:48 - 00125968 ____A C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-12 08:49 - 2012-05-10 03:07 - 00000040 ___SH C:\Users\All Users\.zreglib
2012-05-10 22:46 - 2012-05-10 22:46 - 00644400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2012-05-10 02:55 - 2012-05-10 02:55 - 00000000 ____A C:\Windows\SysWOW64\shoF70B.tmp
2012-05-10 02:09 - 2011-12-06 02:53 - 00020242 ____A C:\Users\Ryuu\Documents\Uninstall Dragon Age 2.log
2012-05-09 09:55 - 2012-05-09 09:51 - 00164626 ____A C:\Windows\hpoins27.dat
2012-05-09 09:55 - 2012-05-09 09:51 - 00000812 ____A C:\Users\All Users\hpzinstall.log
2012-05-09 09:55 - 2009-07-13 18:34 - 00000545 ____A C:\Windows\win.ini
2012-05-09 00:06 - 2012-05-09 00:06 - 00000020 ____A C:\Windows\Øôà
2012-05-06 23:45 - 2012-05-06 23:45 - 00000000 ____A C:\Windows\SysWOW64\shoA1CC.tmp
2012-05-04 23:03 - 2012-05-04 23:03 - 00000000 ____A C:\Windows\SysWOW64\sho25DC.tmp
2012-05-04 03:06 - 2012-06-14 00:57 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-07-07 05:02 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-14 00:57 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 00:57 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-07-07 05:02 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-03 23:04 - 2012-05-03 23:04 - 00421888 ____A (Gabest) C:\Windows\SysWOW64\RealMediaSplitter.ax
2012-05-03 23:04 - 2012-05-03 23:04 - 00278528 ____A (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2012-05-03 23:04 - 2012-05-03 23:04 - 00181736 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll

ZeroAccess:
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\@
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L\00000004.@
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L\201d3dde
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\00000004.@
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\000000cb.@
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000000.@
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000032.@
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U\80000064.@

ZeroAccess:
C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}
C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\@
C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L
C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\U
C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641}\L\00000004.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 8043.86 MB
Available physical RAM: 7080.58 MB
Total Pagefile: 8042.06 MB
Available Pagefile: 7079.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:223.45 GB) (Free:59.11 GB) NTFS
2 Drive e: (DATA) (Fixed) (Total:224.21 GB) (Free:43.26 GB) NTFS
3 Drive f: (PQSERVICE) (Fixed) (Total:18 GB) (Free:7.72 GB) NTFS
5 Drive h: () (Removable) (Total:3.73 GB) (Free:1.1 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 18 GB 1024 KB
Partition 2 Primary 100 MB 18 GB
Partition 3 Primary 223 GB 18 GB
Partition 4 Primary 224 GB 241 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F PQSERVICE NTFS Partition 18 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 223 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E DATA NTFS Partition 224 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3818 MB Healthy

==================================================================================

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


==========================================================

Last Boot: 2012-07-17 09:54

======================= End Of Log ==========================
 
Search.txt

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 00:05:56
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
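The Search.txt block above is the decisive evidence in this log: FRST found two copies of services.exe, the component-store copy under WinSxS (MD5 24ACB7E5BE595468E3B9AA488B9B4FCB) and the live C:\Windows\System32 copy (MD5 014A9CB92514E27C0107614DF764BC06), and flagged the live one because it no longer matches. The following Python script is an added example, not FRST's code and not part of this thread; it parses that exact Search.txt output (copied from the post above) and applies the same comparison: a file outside WinSxS is suspect when its hash matches none of the WinSxS copies of the same name. The `check_live_binary` helper, which hashes real files, is a hypothetical addition that only does anything on a Windows host.

```python
"""Compare a live System32 binary against its WinSxS component-store copies.

Added example. Reproduces the comparison behind FRST's "MD5 is legit" /
"<==== ATTENTION!" verdict; it is not FRST's own code.
"""
import hashlib
import re
from pathlib import Path

# Search.txt output copied from the thread above (the only two hits FRST found).
FRST_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# One FRST search hit: a path line followed by a detail line ending in the MD5.
# The "(Vendor)" field is optional because unsigned files have none.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\n]+)\n"
    r"\[[^\]]*\] - \[[^\]]*\] - (?P<size>\d+) (?P<attr>\S+) "
    r"(?:\([^)]*\) )?(?P<md5>[0-9A-Fa-f]{32})$",
    re.MULTILINE,
)


def parse_frst_search(text: str) -> dict[str, str]:
    """Return {full_path: MD5} for every hit in an FRST Search.txt block."""
    return {m["path"]: m["md5"].upper() for m in ENTRY_RE.finditer(text)}


def find_mismatches(entries: dict[str, str]) -> list[dict]:
    """Flag non-WinSxS copies whose hash matches no WinSxS copy of the same file.

    WinSxS is the servicing store, so every legitimate version of a system
    binary that has ever been installed has a copy there; the live System32
    file should equal one of them. A mismatch is a strong indicator, as with
    services.exe in this thread, but is still confirmed by hand before acting.
    """
    by_name: dict[str, list[tuple[str, str]]] = {}
    for path, md5 in entries.items():
        name = path.rsplit("\\", 1)[-1].lower()
        by_name.setdefault(name, []).append((path, md5))

    mismatches = []
    for copies in by_name.values():
        refs = [(p, h) for p, h in copies if "\\winsxs\\" in p.lower()]
        if not refs:
            continue  # nothing trustworthy to compare against
        ref_hashes = {h for _, h in refs}
        for path, md5 in copies:
            if "\\winsxs\\" in path.lower() or md5 in ref_hashes:
                continue
            mismatches.append({
                "path": path,
                "md5": md5,
                "reference": refs[0][0],
                "reference_md5": refs[0][1],
            })
    return mismatches


def md5_of_file(path: Path) -> str:
    """Stream a file through MD5 (FRST reports MD5, so we match that)."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def check_live_binary(name: str = "services.exe",
                      windir: Path = Path(r"C:\Windows")) -> list[dict]:
    """Hypothetical live check: hash System32\\<name> and every WinSxS copy.

    Returns [] on non-Windows hosts, where the paths do not exist.
    """
    live = windir / "System32" / name
    if not live.is_file():
        return []
    entries = {str(live): md5_of_file(live)}
    for copy in (windir / "winsxs").glob(f"*/{name}"):
        entries[str(copy)] = md5_of_file(copy)
    return find_mismatches(entries)


if __name__ == "__main__":
    for hit in find_mismatches(parse_frst_search(FRST_SEARCH)):
        print(f"{hit['path']} {hit['md5']} differs from {hit['reference_md5']} "
              f"(reference: {hit['reference']})")
```

Run as-is it reports the System32 copy from the log as the mismatch, which is exactly what the Fixlog later repairs by moving the modified file aside and copying the WinSxS version back into place.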
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    2.1 KB · Views: 2
Fix Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 10:59:04 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
aalobgfe service deleted successfully.
C:\Windows\System32\services.exe.C93AB17FCC9803A1 moved successfully.
C:\Windows\System32\Drivers\vpfwysoc.sys not found.
C:\Windows\System32\services.exe.708E78416D21F6C8 moved successfully.
C:\Windows\System32\services.exe.7CF3CBC5CBD25884 moved successfully.
C:\Windows\System32\services.exe.B70D5861D85AD664 moved successfully.
C:\Windows\System32\services.exe.705B55BB93B186F1 moved successfully.
C:\Windows\System32\services.exe.B25ED5FF07112164 moved successfully.
C:\Windows\System32\services.exe.ABD0E22A81008886 moved successfully.
C:\Windows\System32\services.exe.04DD8A8E342C08BB moved successfully.
C:\Windows\System32\services.exe.66F487C048984A95 moved successfully.
C:\Windows\System32\services.exe.869D5BCC9E8E983A moved successfully.
C:\Windows\System32\services.exe.38BB1D571143E4D0 moved successfully.
C:\Windows\Installer\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641} moved successfully.
C:\Users\Ryuu\AppData\Local\{a2c6a95b-87e5-8000-a1ef-e6d58ab11641} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

The operation completed successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
ComboFix Log

ComboFix 12-07-29.02 - Ryuu 30/07/2012 11:12:09.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8044.6918 [GMT 8:00]
Running from: c:\users\Ryuu\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\2
c:\program files (x86)\2\0\1.cmd
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\1323230167.bdinstall.bin
c:\programdata\1323233335.bdinstall.bin
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\users\Ryuu\AppData\Local\Minibar
c:\users\Ryuu\AppData\Local\Minibar\common.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\content.xul
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\config.json
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\Ryuu\AppData\Local\Minibar\firefox\install.rdf
c:\users\Ryuu\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll
c:\users\Ryuu\AppData\Local\Minibar\firefox_installer.js
c:\users\Ryuu\AppData\Local\Minibar\ie_installer.js
c:\users\Ryuu\AppData\Local\Minibar\minibar.xpi
c:\users\Ryuu\AppData\Local\Minibar\Uninstall.exe
c:\users\Ryuu\AppData\Local\TempDIR
c:\users\Ryuu\hosts
c:\users\Ryuu\RelicCOH.exe
c:\users\Ryuu\SpecOpsTheLine.exe
c:\users\Ryuu\steam_api.dll
c:\users\Ryuu\Steamclient.dll
c:\windows\jestertb.dll
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\themeui.dll.tmp
c:\windows\SysWow64\uxtheme.dll.tmp
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 03:21 . 2012-07-30 03:21 -------- d-----w- c:\users\Mike\AppData\Local\temp
2012-07-30 03:21 . 2012-07-30 03:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-30 03:21 . 2012-07-30 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 02:49 . 2012-07-30 02:49 328704 ----a-w- c:\windows\system32\services.exe.4D866F236C783CD8
2012-07-29 06:01 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 04:36 . 2012-07-29 04:36 -------- d-----w- C:\FRST
2012-07-28 09:52 . 2012-07-28 09:52 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Malwarebytes
2012-07-28 09:52 . 2012-07-28 09:52 -------- d-----w- c:\programdata\Malwarebytes
2012-07-28 09:52 . 2012-07-29 06:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-28 09:34 . 2012-07-29 04:07 -------- d-----w- C:\d51ee645f6d2af991e9c9d0cf0e4
2012-07-28 09:20 . 2012-07-29 04:07 -------- d-----w- C:\4e4dd3ab32a9b8fe7501dbe8dbd4f4
2012-07-28 08:46 . 2012-07-28 08:46 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Systweak
2012-07-28 08:45 . 2012-07-29 04:07 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
2012-07-28 07:53 . 2012-07-15 18:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C546CAE4-2870-4851-ABC7-F808A738AFDD}\mpengine.dll
2012-07-28 07:51 . 2012-07-28 07:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-28 07:51 . 2012-07-28 07:51 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-27 05:10 . 2012-07-27 05:10 0 ----a-w- c:\windows\SysWow64\shoC467.tmp
2012-07-25 15:28 . 2012-07-25 15:28 0 ----a-w- c:\windows\SysWow64\shoCA95.tmp
2012-07-24 14:39 . 2012-07-24 14:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 14:39 . 2012-07-24 14:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 05:26 . 2012-07-24 05:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-24 05:26 . 2012-07-24 05:26 -------- d-----w- c:\program files (x86)\Oracle
2012-07-24 05:25 . 2012-07-05 14:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-23 09:16 . 2012-07-23 09:16 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
2012-07-23 08:22 . 2012-07-23 08:22 -------- d-----w- c:\users\Ryuu\AppData\Roaming\FALCOM
2012-07-23 07:53 . 2012-07-23 07:53 -------- d-----w- c:\programdata\RELOADED
2012-07-23 07:50 . 2012-07-23 07:53 -------- d-----w- c:\program files (x86)\Ys Origin
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Mike\AppData\Local\Activision
2012-07-21 09:21 . 2012-07-21 09:21 -------- d-----w- c:\users\Ryuu\AppData\Local\Activision
2012-07-21 07:11 . 2012-07-21 07:11 -------- d-----w- c:\program files (x86)\Activision
2012-07-20 12:03 . 2012-07-20 12:03 -------- d-----w- c:\users\Mike\AppData\Local\Wondershare
2012-07-20 09:55 . 2012-07-20 09:55 -------- d-----w- c:\program files (x86)\OApps
2012-07-20 09:55 . 2012-07-20 09:55 -------- d-----w- c:\program files (x86)\TorrentSearch
2012-07-20 09:55 . 2012-07-29 04:22 -------- d-----w- c:\program files (x86)\smartdl
2012-07-20 09:43 . 2012-07-20 09:43 -------- d-----w- c:\program files (x86)\Alcohol Soft
2012-07-20 09:37 . 2012-07-20 09:37 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-20 07:59 . 2009-07-13 19:25 -------- d-----w- c:\users\Ryuu\validators
2012-07-20 07:04 . 2012-07-20 07:04 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2012-07-19 11:37 . 2012-07-19 11:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-18 09:50 . 2012-07-18 09:50 -------- d-sh--w- c:\windows\ftpcache
2012-07-18 09:47 . 2012-07-18 09:47 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Spec Ops The Line
2012-07-18 09:19 . 2012-07-18 09:19 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2012-07-16 13:27 . 2012-07-16 13:27 0 ----a-w- c:\windows\SysWow64\sho29FA.tmp
2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Wondershare Video Converter Ultimate
2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\users\Ryuu\AppData\Local\Wondershare
2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2012-07-14 13:11 . 2012-07-14 16:47 -------- d-----w- c:\users\Mike\AppData\Roaming\NVIDIA
2012-07-14 05:27 . 2012-07-15 08:35 -------- d-----w- c:\program files (x86)\JoWooD Entertainment AG
2012-07-13 15:42 . 2012-07-13 15:42 -------- d--h--r- c:\users\Ryuu\AppData\Roaming\SecuROM
2012-07-13 11:16 . 2012-07-13 11:16 0 ----a-w- c:\windows\SysWow64\sho933A.tmp
2012-07-13 10:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 10:40 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-13 10:40 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-13 10:35 . 2012-07-13 11:18 -------- d-----w- c:\windows\SysWow64\NV
2012-07-13 10:35 . 2012-07-13 11:18 -------- d-----w- c:\windows\system32\NV
2012-07-12 14:25 . 2012-07-13 10:35 -------- d-----w- c:\programdata\NVIDIA
2012-07-12 14:25 . 2012-07-29 04:22 -------- d-----w- c:\users\UpdatusUser
2012-07-12 14:25 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-12 14:25 . 2012-05-15 09:29 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-07-12 14:25 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-07-12 14:25 . 2012-05-15 09:29 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-07-12 14:25 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-07-12 14:25 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-12 14:25 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-07-12 14:25 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-07-12 14:25 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-12 14:24 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-12 14:24 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-12 14:24 . 2012-07-12 14:24 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-11 06:55 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 06:55 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 06:55 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 06:55 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 06:55 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 06:55 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 06:55 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-07 13:34 . 2010-04-03 03:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$DRAGONICA-sqlctr10.51.2500.0.dll
2012-07-07 13:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-07 13:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-07 12:47 . 2012-07-07 12:47 -------- d-----w- c:\program files (x86)\THQ
2012-07-06 16:38 . 2012-07-06 16:38 -------- d-----w- c:\users\Mike\AppData\Local\Diagnostics
2012-07-04 09:12 . 2012-07-04 09:12 0 ----a-w- c:\windows\SysWow64\sho456C.tmp
2012-06-30 12:04 . 2012-06-30 12:04 0 ----a-w- c:\windows\SysWow64\sho7BBD.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 10:41 . 2011-12-05 17:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 11:00 . 2012-04-19 12:00 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-08 06:09 . 2012-06-29 06:37 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-08 06:09 . 2011-12-06 10:25 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-05 14:06 . 2011-11-09 06:37 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:30 . 2011-12-06 10:25 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-29 05:54 . 2011-12-06 10:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-27 09:03 . 2012-06-27 09:03 0 ----a-w- c:\windows\SysWow64\shoC66B.tmp
2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-06-21 08:29 . 2012-06-21 08:29 0 ----a-w- c:\windows\SysWow64\sho5254.tmp
2012-06-20 14:00 . 2012-06-20 14:00 0 ----a-w- c:\windows\SysWow64\sho6748.tmp
2012-06-20 02:11 . 2012-06-20 02:12 268720 ----a-w- c:\windows\system32\javaws.exe
2012-06-20 02:11 . 2012-06-20 02:12 189360 ----a-w- c:\windows\system32\javaw.exe
2012-06-20 02:11 . 2012-06-20 02:12 188840 ----a-w- c:\windows\system32\java.exe
2012-06-20 02:11 . 2012-06-20 02:12 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-20 02:11 . 2012-06-20 02:12 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-16 03:25 . 2012-06-16 03:25 0 ----a-w- c:\windows\SysWow64\sho5BF6.tmp
2012-06-16 01:04 . 2012-06-16 01:04 0 ----a-w- c:\windows\SysWow64\sho40F7.tmp
2012-06-12 18:22 . 2012-06-12 18:22 0 ----a-w- c:\windows\SysWow64\sho4E24.tmp
2012-06-11 18:52 . 2012-06-11 18:52 0 ----a-w- c:\windows\SysWow64\sho21D3.tmp
2012-06-07 08:53 . 2012-06-07 08:53 0 ----a-w- c:\windows\SysWow64\shoB6C2.tmp
2012-06-05 19:24 . 2012-06-05 19:24 0 ----a-w- c:\windows\SysWow64\sho9A96.tmp
2012-06-02 22:19 . 2012-06-19 02:53 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 02:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 02:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 02:53 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 02:53 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 02:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 02:53 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 07:29 . 2012-06-02 07:29 0 ----a-w- c:\windows\SysWow64\shoA952.tmp
2012-06-02 07:19 . 2012-06-19 02:53 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 07:15 . 2012-06-19 02:53 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 18:16 . 2012-05-30 18:16 0 ----a-w- c:\windows\SysWow64\shoEDD8.tmp
2012-05-27 18:48 . 2012-05-27 18:48 0 ----a-w- c:\windows\SysWow64\shoE7B0.tmp
2012-05-26 12:54 . 2012-05-26 12:54 0 ----a-w- c:\windows\SysWow64\sho7087.tmp
2012-05-25 19:23 . 2012-05-25 19:23 0 ----a-w- c:\windows\SysWow64\shoA67C.tmp
2012-05-20 07:06 . 2012-05-20 07:06 0 ----a-w- c:\windows\SysWow64\sho3109.tmp
2012-05-20 06:15 . 2012-05-20 06:15 661600 ----a-w- c:\windows\SysWow64\xsherlock.xem
2012-05-11 06:46 . 2012-05-11 06:46 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-05-10 10:55 . 2012-05-10 10:55 0 ----a-w- c:\windows\SysWow64\shoF70B.tmp
2012-05-07 07:45 . 2012-05-07 07:45 0 ----a-w- c:\windows\SysWow64\shoA1CC.tmp
2012-05-05 07:03 . 2012-05-05 07:03 0 ----a-w- c:\windows\SysWow64\sho25DC.tmp
2012-05-04 11:06 . 2012-06-14 08:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 08:57 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 08:57 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 07:04 . 2012-05-04 07:04 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
2012-05-01 05:40 . 2012-06-14 08:57 209920 ----a-w- c:\windows\system32\profsvc.dll
2010-01-26 03:11 . 2012-06-20 15:40 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files (x86)\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0931BD3F-547E-45C1-B133-D0E995645DBA}]
2012-07-13 17:44 92160 ----a-w- c:\program files (x86)\OApps\bho_project.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{adca5064-9e30-43fe-9856-58b07a3149fe}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\FreeMake\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-04-24 06:24 1310000 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6B896ADB-4A82-46e2-858C-13134782CE34}"= "c:\program files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll" [2009-12-15 413696]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
"{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files (x86)\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6b896adb-4a82-46e2-858c-13134782ce34}]
[HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{D4FB30ED-7DDB-4e2c-A7F2-C7B905D5D771}]
[HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-01 3417496]
.
c:\users\Ryuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-20 834544]
R1 wxutdbmc;wxutdbmc;c:\windows\system32\drivers\wxutdbmc.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
R2 MSSQL$DRAGONICA;SQL Server (DRAGONICA);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleX64;EagleX64; [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_amd64.sys [2011-08-01 513824]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1255736]
R3 wolf;wolf; [x]
R3 X6va005;X6va005; [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 250056]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R4 SQLAgent$DRAGONICA;SQL Server Agent (DRAGONICA);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-12-03 265928]
R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-01 272448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-01-21 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [2011-05-16 51240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 14:39]
.
2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
- c:\users\Ryuu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-23 10:46]
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
- c:\users\Ryuu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-23 10:46]
.
2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005Core.job
- c:\users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 12:52]
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005UA.job
- c:\users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 12:52]
.
2012-07-29 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-11-22 07:24]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
- c:\users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 10:41]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
- c:\users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 10:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-05-24 07:23 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF22011.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF22011.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=0a9026c700000000000002004c4f4f50
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={BF131707-A10F-11E1-9CB4-B870F4AA8650}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.trueinternet.co.th:8080
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=British English&ver=1.0
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Download with Xilisoft Online Video Downloader - c:\program files (x86)\Xilisoft\Online Video Downloader\upod_link.HTM
IE: Download with Xilisoft YouTube Video Converter - c:\program files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 192.168.1.254
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
FF - ProfilePath - c:\users\Ryuu\AppData\Roaming\Mozilla\Firefox\Profiles\8ztbwxdo.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extentions.y2layers.installId - 17eb04dd-eb6e-43d4-b51e-557eefece8b2
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15489
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQAB82eZf&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.148:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQAB82eZf
FF - user.js: extensions.incredibar_i.upn2n - 92543067446074589
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 36
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{ADCA5064-9E30-43FE-9856-58B07A3149FE} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?áÍ"=hex:1b,9b,39,f0,14,f1,ff,ff,fa,4f,cf,e4,60,03,0a,d7,ae,03,45,85,4b,fd,55,
e9,82,03,7a,92,e3,c3,a8,0e,ec,b0,a8,c2,22,d4,df,0d,41,45,94,3a,a2,31,c7,28,\
"·³²»"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a9,69,f1,57,a1,be,2b,db,20,3c,1a,3b,ff,4e,f5,81,cd,ac,e7,b3,de,
99,7a,b4,dd,8d,bf,72,6e,01,ba,d0,91,65,bb,00,21,ba,bb,12,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):80,39,9c,5c,b0,39,0d,c8,eb,5c,b0,92,7e,ad,fc,fa,31,b1,25,c7,c9,
8b,82,3a,b9,8e,62,13,c4,f8,d5,40,4e,5e,00,05,20,ef,eb,f8,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{dfdd4cb2-21b3-4558-94e5-942b7730ddd3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000153
"Therad"=dword:0000001d
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{ee3e00c3-d68e-4e3c-bb70-97d257f91d6d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000028
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
.
**************************************************************************
.
Completion time: 2012-07-30 11:31:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 03:31
.
Pre-Run: 62,927,572,992 bytes free
Post-Run: 62,688,063,488 bytes free
.
- - End Of File - - F36F00D7193B3BB5731689CCC6B0FA3A
 
Uninstall Advanced System Optimizer 3.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=============================================

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\services.exe.4D866F236C783CD8
c:\windows\system32\drivers\wxutdbmc.sys

DDS::
uInternet Settings,ProxyServer = proxy.trueinternet.co.th:8080
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

Driver::
wxutdbmc

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Combofix.txt

ComboFix 12-07-29.02 - Ryuu 30/07/2012 14:20:55.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8044.6027 [GMT 8:00]
Running from: c:\users\Ryuu\Desktop\ComboFix.exe
Command switches used :: c:\users\Ryuu\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\wxutdbmc.sys"
"c:\windows\system32\services.exe.4D866F236C783CD8"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\services.exe.4D866F236C783CD8
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wxutdbmc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 06:28 . 2012-07-30 06:28 -------- d-----w- c:\users\Mike\AppData\Local\temp
2012-07-30 06:28 . 2012-07-30 06:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-30 06:28 . 2012-07-30 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 06:01 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 04:36 . 2012-07-29 04:36 -------- d-----w- C:\FRST
2012-07-28 09:52 . 2012-07-28 09:52 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Malwarebytes
2012-07-28 09:52 . 2012-07-28 09:52 -------- d-----w- c:\programdata\Malwarebytes
2012-07-28 09:52 . 2012-07-29 06:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-28 09:34 . 2012-07-29 04:07 -------- d-----w- C:\d51ee645f6d2af991e9c9d0cf0e4
2012-07-28 09:20 . 2012-07-29 04:07 -------- d-----w- C:\4e4dd3ab32a9b8fe7501dbe8dbd4f4
2012-07-28 08:46 . 2012-07-28 08:46 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Systweak
2012-07-28 07:53 . 2012-07-15 18:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C546CAE4-2870-4851-ABC7-F808A738AFDD}\mpengine.dll
2012-07-28 07:51 . 2012-07-28 07:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-28 07:51 . 2012-07-28 07:51 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-27 05:10 . 2012-07-27 05:10 0 ----a-w- c:\windows\SysWow64\shoC467.tmp
2012-07-25 15:28 . 2012-07-25 15:28 0 ----a-w- c:\windows\SysWow64\shoCA95.tmp
2012-07-24 14:39 . 2012-07-24 14:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 14:39 . 2012-07-24 14:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 05:26 . 2012-07-24 05:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-24 05:26 . 2012-07-24 05:26 -------- d-----w- c:\program files (x86)\Oracle
2012-07-24 05:25 . 2012-07-05 14:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-23 09:16 . 2012-07-23 09:16 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
2012-07-23 08:22 . 2012-07-23 08:22 -------- d-----w- c:\users\Ryuu\AppData\Roaming\FALCOM
2012-07-23 07:53 . 2012-07-23 07:53 -------- d-----w- c:\programdata\RELOADED
2012-07-23 07:50 . 2012-07-23 07:53 -------- d-----w- c:\program files (x86)\Ys Origin
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Mike\AppData\Local\Activision
2012-07-21 09:21 . 2012-07-21 09:21 -------- d-----w- c:\users\Ryuu\AppData\Local\Activision
2012-07-21 07:11 . 2012-07-21 07:11 -------- d-----w- c:\program files (x86)\Activision
2012-07-20 12:03 . 2012-07-20 12:03 -------- d-----w- c:\users\Mike\AppData\Local\Wondershare
2012-07-20 09:55 . 2012-07-20 09:55 -------- d-----w- c:\program files (x86)\OApps
2012-07-20 09:55 . 2012-07-20 09:55 -------- d-----w- c:\program files (x86)\TorrentSearch
2012-07-20 09:55 . 2012-07-29 04:22 -------- d-----w- c:\program files (x86)\smartdl
2012-07-20 09:43 . 2012-07-20 09:43 -------- d-----w- c:\program files (x86)\Alcohol Soft
2012-07-20 09:37 . 2012-07-20 09:37 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-20 07:59 . 2009-07-13 19:25 -------- d-----w- c:\users\Ryuu\validators
2012-07-20 07:04 . 2012-07-20 07:04 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2012-07-19 11:37 . 2012-07-19 11:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-18 09:50 . 2012-07-18 09:50 -------- d-sh--w- c:\windows\ftpcache
2012-07-18 09:47 . 2012-07-18 09:47 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Spec Ops The Line
2012-07-18 09:19 . 2012-07-18 09:19 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2012-07-16 13:27 . 2012-07-16 13:27 0 ----a-w- c:\windows\SysWow64\sho29FA.tmp
2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\users\Ryuu\AppData\Roaming\Wondershare Video Converter Ultimate
2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\users\Ryuu\AppData\Local\Wondershare
2012-07-16 10:39 . 2012-07-16 10:39 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2012-07-14 13:11 . 2012-07-14 16:47 -------- d-----w- c:\users\Mike\AppData\Roaming\NVIDIA
2012-07-14 05:27 . 2012-07-15 08:35 -------- d-----w- c:\program files (x86)\JoWooD Entertainment AG
2012-07-13 15:42 . 2012-07-13 15:42 -------- d--h--r- c:\users\Ryuu\AppData\Roaming\SecuROM
2012-07-13 11:16 . 2012-07-13 11:16 0 ----a-w- c:\windows\SysWow64\sho933A.tmp
2012-07-13 10:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 10:40 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-13 10:40 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-13 10:35 . 2012-07-13 11:18 -------- d-----w- c:\windows\SysWow64\NV
2012-07-13 10:35 . 2012-07-13 11:18 -------- d-----w- c:\windows\system32\NV
2012-07-12 14:25 . 2012-07-13 10:35 -------- d-----w- c:\programdata\NVIDIA
2012-07-12 14:25 . 2012-07-29 04:22 -------- d-----w- c:\users\UpdatusUser
2012-07-12 14:25 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-12 14:25 . 2012-05-15 09:29 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-07-12 14:25 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-07-12 14:25 . 2012-05-15 09:29 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-07-12 14:25 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-07-12 14:25 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-12 14:25 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-07-12 14:25 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-07-12 14:25 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-12 14:24 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-12 14:24 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-12 14:24 . 2012-07-12 14:24 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-11 06:55 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 06:55 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 06:55 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 06:55 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 06:55 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 06:55 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 06:55 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-07 13:34 . 2010-04-03 03:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$DRAGONICA-sqlctr10.51.2500.0.dll
2012-07-07 13:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-07 13:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-07 12:47 . 2012-07-07 12:47 -------- d-----w- c:\program files (x86)\THQ
2012-07-06 16:38 . 2012-07-06 16:38 -------- d-----w- c:\users\Mike\AppData\Local\Diagnostics
2012-07-04 09:12 . 2012-07-04 09:12 0 ----a-w- c:\windows\SysWow64\sho456C.tmp
2012-06-30 12:04 . 2012-06-30 12:04 0 ----a-w- c:\windows\SysWow64\sho7BBD.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 10:41 . 2011-12-05 17:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 11:00 . 2012-04-19 12:00 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-08 06:09 . 2012-06-29 06:37 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-08 06:09 . 2011-12-06 10:25 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-05 14:06 . 2011-11-09 06:37 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:30 . 2011-12-06 10:25 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-29 05:54 . 2011-12-06 10:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-27 09:03 . 2012-06-27 09:03 0 ----a-w- c:\windows\SysWow64\shoC66B.tmp
2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-06-21 08:29 . 2012-06-21 08:29 0 ----a-w- c:\windows\SysWow64\sho5254.tmp
2012-06-20 14:00 . 2012-06-20 14:00 0 ----a-w- c:\windows\SysWow64\sho6748.tmp
2012-06-20 02:11 . 2012-06-20 02:12 268720 ----a-w- c:\windows\system32\javaws.exe
2012-06-20 02:11 . 2012-06-20 02:12 189360 ----a-w- c:\windows\system32\javaw.exe
2012-06-20 02:11 . 2012-06-20 02:12 188840 ----a-w- c:\windows\system32\java.exe
2012-06-20 02:11 . 2012-06-20 02:12 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-20 02:11 . 2012-06-20 02:12 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-16 03:25 . 2012-06-16 03:25 0 ----a-w- c:\windows\SysWow64\sho5BF6.tmp
2012-06-16 01:04 . 2012-06-16 01:04 0 ----a-w- c:\windows\SysWow64\sho40F7.tmp
2012-06-12 18:22 . 2012-06-12 18:22 0 ----a-w- c:\windows\SysWow64\sho4E24.tmp
2012-06-11 18:52 . 2012-06-11 18:52 0 ----a-w- c:\windows\SysWow64\sho21D3.tmp
2012-06-07 08:53 . 2012-06-07 08:53 0 ----a-w- c:\windows\SysWow64\shoB6C2.tmp
2012-06-05 19:24 . 2012-06-05 19:24 0 ----a-w- c:\windows\SysWow64\sho9A96.tmp
2012-06-02 22:19 . 2012-06-19 02:53 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 02:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 02:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 02:53 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 02:53 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 02:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 02:53 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 07:29 . 2012-06-02 07:29 0 ----a-w- c:\windows\SysWow64\shoA952.tmp
2012-06-02 07:19 . 2012-06-19 02:53 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 07:15 . 2012-06-19 02:53 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 18:16 . 2012-05-30 18:16 0 ----a-w- c:\windows\SysWow64\shoEDD8.tmp
2012-05-27 18:48 . 2012-05-27 18:48 0 ----a-w- c:\windows\SysWow64\shoE7B0.tmp
2012-05-26 12:54 . 2012-05-26 12:54 0 ----a-w- c:\windows\SysWow64\sho7087.tmp
2012-05-25 19:23 . 2012-05-25 19:23 0 ----a-w- c:\windows\SysWow64\shoA67C.tmp
2012-05-20 07:06 . 2012-05-20 07:06 0 ----a-w- c:\windows\SysWow64\sho3109.tmp
2012-05-20 06:15 . 2012-05-20 06:15 661600 ----a-w- c:\windows\SysWow64\xsherlock.xem
2012-05-11 06:46 . 2012-05-11 06:46 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-05-10 10:55 . 2012-05-10 10:55 0 ----a-w- c:\windows\SysWow64\shoF70B.tmp
2012-05-07 07:45 . 2012-05-07 07:45 0 ----a-w- c:\windows\SysWow64\shoA1CC.tmp
2012-05-05 07:03 . 2012-05-05 07:03 0 ----a-w- c:\windows\SysWow64\sho25DC.tmp
2012-05-04 11:06 . 2012-06-14 08:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 08:57 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 08:57 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 07:04 . 2012-05-04 07:04 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
2010-01-26 03:11 . 2012-06-20 15:40 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-30_03.24.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-30 03:52 93168 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 06:32 38416 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-08 08:54 . 2012-07-30 06:32 21222 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3545194168-222157450-2924182206-1001_UserData.bin
- 2012-07-30 03:23 . 2012-07-30 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 06:30 . 2012-07-30 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 06:30 . 2012-07-30 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-30 03:23 . 2012-07-30 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-30 05:23 733752 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-30 05:23 152108 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-30 06:29 422092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-28 09:10 422092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files (x86)\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0931BD3F-547E-45C1-B133-D0E995645DBA}]
2012-07-13 17:44 92160 ----a-w- c:\program files (x86)\OApps\bho_project.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{adca5064-9e30-43fe-9856-58b07a3149fe}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\FreeMake\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-04-24 06:24 1310000 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6B896ADB-4A82-46e2-858C-13134782CE34}"= "c:\program files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll" [2009-12-15 413696]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
"{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files (x86)\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6b896adb-4a82-46e2-858c-13134782ce34}]
[HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{D4FB30ED-7DDB-4e2c-A7F2-C7B905D5D771}]
[HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-01 3417496]
.
c:\users\Ryuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Ryuu\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleX64;EagleX64; [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_amd64.sys [2011-08-01 513824]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1255736]
R3 wolf;wolf; [x]
R3 X6va005;X6va005; [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 250056]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R4 SQLAgent$DRAGONICA;SQL Server Agent (DRAGONICA);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-12-03 265928]
R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-20 834544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-01 272448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 MSSQL$DRAGONICA;SQL Server (DRAGONICA);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.DRAGONICA\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-01-21 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 14:39]
.
2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
- c:\users\Ryuu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-23 10:46]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
- c:\users\Ryuu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-23 10:46]
.
2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005Core.job
- c:\users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 12:52]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1005UA.job
- c:\users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-23 12:52]
.
2012-07-30 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-11-22 07:24]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001Core.job
- c:\users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 10:41]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545194168-222157450-2924182206-1001UA.job
- c:\users\Ryuu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 10:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF26801.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=0a9026c700000000000002004c4f4f50
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={BF131707-A10F-11E1-9CB4-B870F4AA8650}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=British English&ver=1.0
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Download with Xilisoft Online Video Downloader - c:\program files (x86)\Xilisoft\Online Video Downloader\upod_link.HTM
IE: Download with Xilisoft YouTube Video Converter - c:\program files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 192.168.1.254
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
FF - ProfilePath - c:\users\Ryuu\AppData\Roaming\Mozilla\Firefox\Profiles\8ztbwxdo.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extentions.y2layers.installId - 17eb04dd-eb6e-43d4-b51e-557eefece8b2
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15489
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQAB82eZf&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 0a9026c700000000000002004c4f4f50
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.148:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQAB82eZf
FF - user.js: extensions.incredibar_i.upn2n - 92543067446074589
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 36
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{ADCA5064-9E30-43FE-9856-58B07A3149FE} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?áÍ"=hex:1b,9b,39,f0,14,f1,ff,ff,fa,4f,cf,e4,60,03,0a,d7,ae,03,45,85,4b,fd,55,
e9,82,03,7a,92,e3,c3,a8,0e,ec,b0,a8,c2,22,d4,df,0d,41,45,94,3a,a2,31,c7,28,\
"·³²»"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a9,69,f1,57,a1,be,2b,db,20,3c,1a,3b,ff,4e,f5,81,cd,ac,e7,b3,de,
99,7a,b4,dd,8d,bf,72,6e,01,ba,d0,91,65,bb,00,21,ba,bb,12,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):80,39,9c,5c,b0,39,0d,c8,eb,5c,b0,92,7e,ad,fc,fa,31,b1,25,c7,c9,
8b,82,3a,b9,8e,62,13,c4,f8,d5,40,4e,5e,00,05,20,ef,eb,f8,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{dfdd4cb2-21b3-4558-94e5-942b7730ddd3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000153
"Therad"=dword:0000001d
.
[HKEY_USERS\S-1-5-21-3545194168-222157450-2924182206-1001_Classes\Wow6432Node\CLSID\{ee3e00c3-d68e-4e3c-bb70-97d257f91d6d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000028
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
.
**************************************************************************
.
Completion time: 2012-07-30 14:38:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 06:38
ComboFix2.txt 2012-07-30 03:31
.
Pre-Run: 61,358,522,368 bytes free
Post-Run: 61,938,155,520 bytes free
.
- - End Of File - - B423B905E6D7909711BF4FE0CD2EE366
 
Looks good :)

Any current issues?

======================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE: If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ryuu :: RYUU-PC [administrator]

31/7/2012 11:31:05 AM
mbam-log-2012-07-31 (11-31-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266931
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hi, when using OTL to scan, it scans normally until it starts to scan the Firefox settings, then the program stops responding. I waited a long time already, still not responding.
 
It just freezes there and nothing happens. I did close my Firefox browser and checked that Firefox isn't running in my Task Manager.
 
1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 