Solved Good afternoon, problem with another virus

Rick van Ginkel

Hello, it's been a while,
I'm afraid that I'm a victim of another virus.
Since the trial of Malwarebytes ended, I am unable to activate Microsoft Security Essentials and my Windows Firewall. This was the same problem as last time.
Could I get help with this?
Thank you very much in advance.
I'm running Windows 7 Ultimate 64-bit.

~Rick van Ginkel
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolf :: WOLF-PC [administrator]

7/16/2012 6:13:02 PM
mbam-log-2012-07-16 (18-13-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235490
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\temp\yt\GetFiles\badfiles\desktop.ini.1 (Trojan.0access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

-----

GMER did not produce a log.
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Wolf at 18:48:15 on 2012-07-16
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8172.5268 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\XFast USB\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
W:\Program Files (x86)\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
W:\Program Files (x86)\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.76\deploy\LoLLauncher.exe
W:\Program Files (x86)\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.171\deploy\LolClient.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Wolf\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{37BED863-1574-4F28-B793-E62C344B4DB3} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\sp5n7cz4.default\
FF - prefs.js: network.proxy.ftp - 98.188.127.139
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 98.188.127.139
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 98.188.127.139
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 98.188.127.139
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-3 8704]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-1 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-5-27 6583160]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 2666880]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-5-27 528760]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-3-4 87040]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-2-1 250056]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;W:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-5-27 25832]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-6-2 21712]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-26 1038088]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-2-1 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]
.
=============== Created Last 30 ================
.
2012-07-16 12:45:11 -------- d-----w- C:\Users\Wolf\AppData\Local\{BCC632FA-7D58-4426-9AA8-3079626D5915}
2012-07-16 12:45:01 -------- d-----w- C:\Users\Wolf\AppData\Local\{38B0A889-E16D-4679-B3CE-4A23940656DD}
2012-07-16 00:59:30 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-16 00:44:36 -------- d-----w- C:\Users\Wolf\AppData\Local\{CE2B5618-1828-4B40-9435-D1F56CA35E6A}
2012-07-16 00:44:25 -------- d-----w- C:\Users\Wolf\AppData\Local\{4FD40853-DACD-42EE-A4B6-A8642D1A0DF4}
2012-07-15 12:52:44 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3526E98-F6D3-466B-BB77-7113A71B25FB}\mpengine.dll
2012-07-15 12:43:54 -------- d-----w- C:\Users\Wolf\AppData\Local\{B2C0E1B1-50F8-4673-909A-A4B0A3A59E5A}
2012-07-15 12:43:39 -------- d-----w- C:\Users\Wolf\AppData\Local\{7639B7AD-7EAE-4816-95A1-F75B44BE5ED8}
2012-07-15 00:13:48 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-14 23:20:55 -------- d-----r- C:\Users\Wolf\Dropbox
2012-07-14 21:43:53 -------- d-----w- C:\Users\Wolf\AppData\Roaming\Dropbox
2012-07-14 20:52:28 -------- d-----w- C:\Users\Wolf\AppData\Local\WBFSManager
2012-07-14 20:51:33 -------- d-----w- C:\Program Files\WBFS
2012-07-14 19:09:11 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2012-07-14 15:20:29 -------- d-----w- C:\Users\Wolf\AppData\Local\{66A3382C-DBA5-45F7-BC66-F2FB13DA2828}
2012-07-14 15:20:19 -------- d-----w- C:\Users\Wolf\AppData\Local\{43ECF8F5-CA7D-44F8-A66B-72EE79AAEA67}
2012-07-14 03:19:54 -------- d-----w- C:\Users\Wolf\AppData\Local\{C70A7274-2DFD-426A-A81A-C2AA7A527C06}
2012-07-14 02:31:51 -------- d-----w- C:\Users\Wolf\AppData\Local\StreamPrivacy
2012-07-13 17:54:13 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-07-13 15:28:31 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 15:19:31 -------- d-----w- C:\Users\Wolf\AppData\Local\{37B67489-3878-4CE4-BC5B-757401464E75}
2012-07-13 15:19:19 -------- d-----w- C:\Users\Wolf\AppData\Local\{70FCE9B7-B543-4D45-88DB-49699264C9C3}
2012-07-12 10:12:56 -------- d-----w- C:\Users\Wolf\AppData\Local\{2E0155CC-40B8-4E87-96D2-2A268C86F6FF}
2012-07-12 10:12:45 -------- d-----w- C:\Users\Wolf\AppData\Local\{1C927B98-0438-4470-ABED-39EE44726009}
2012-07-11 23:27:07 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 22:12:20 -------- d-----w- C:\Users\Wolf\AppData\Local\{1203FCCE-D2E2-4381-8B0C-B4176A6D72B7}
2012-07-11 22:12:10 -------- d-----w- C:\Users\Wolf\AppData\Local\{DBDF48AC-7B24-48E8-BD5D-EC997012BA0F}
2012-07-11 10:11:41 -------- d-----w- C:\Users\Wolf\AppData\Local\{3FD95AEE-4DDF-45FD-B8BA-2518F39EC9B9}
2012-07-11 10:11:24 -------- d-----w- C:\Users\Wolf\AppData\Local\{2F65EA0E-23CA-4C50-91C4-890F4CD91539}
2012-07-10 22:26:36 -------- d-----w- C:\Users\Wolf\AppData\Local\Black_Tree_Gaming
2012-07-10 18:34:24 -------- d-----w- C:\Users\Wolf\AppData\Local\{75C83BBB-0A21-4469-A48C-3FAFD42E37B7}
2012-07-10 18:34:13 -------- d-----w- C:\Users\Wolf\AppData\Local\{B33E3485-365B-419D-B3E4-FC67F271B946}
2012-07-10 06:35:43 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-07-10 06:33:56 -------- d-----w- C:\Users\Wolf\AppData\Local\{C6CDA454-6BF8-448F-8C4E-E92AA2B2CDB9}
2012-07-10 06:33:42 -------- d-----w- C:\Users\Wolf\AppData\Local\{9E972346-BB1C-4000-9D90-7082F0F3EC72}
2012-07-09 16:03:34 -------- d-----w- C:\Users\Wolf\AppData\Local\{CEA0F9E2-3689-478D-BAA3-D9CCBEB54B62}
2012-07-09 16:03:24 -------- d-----w- C:\Users\Wolf\AppData\Local\{AC506C02-3EAE-4550-AE33-790EB8102CBE}
2012-07-09 04:03:00 -------- d-----w- C:\Users\Wolf\AppData\Local\{90572EB0-AC2C-4BE4-80B1-FE9A3190B811}
2012-07-08 16:02:34 -------- d-----w- C:\Users\Wolf\AppData\Local\{A10D85CB-39A6-4744-8EB8-CBB0F7526151}
2012-07-08 16:02:21 -------- d-----w- C:\Users\Wolf\AppData\Local\{01FD4987-260E-4446-91DB-258881AEBCE5}
2012-07-08 03:33:27 -------- d-----w- C:\Users\Wolf\AppData\Local\{C643FE1E-A9D0-4A1B-AF36-FD32179AE830}
2012-07-07 15:59:09 -------- d-----w- C:\Users\Wolf\riotsGamesLogs
2012-07-07 15:33:04 -------- d-----w- C:\Users\Wolf\AppData\Local\{23C43135-A546-4277-A8F7-827A9AB6000D}
2012-07-07 15:32:53 -------- d-----w- C:\Users\Wolf\AppData\Local\{2E72493B-FB02-4B7C-BF0E-B1725B14E441}
2012-07-07 01:41:38 -------- d-----w- C:\Users\Wolf\AppData\Local\{33194356-885B-4CBD-8A32-20FE03249003}
2012-07-06 13:41:14 -------- d-----w- C:\Users\Wolf\AppData\Local\{DE8FD8A8-EFCE-458B-9589-027B3270D0B6}
2012-07-06 13:41:01 -------- d-----w- C:\Users\Wolf\AppData\Local\{8B03D220-16EE-4B96-B81B-57CFC04A5AA5}
2012-07-06 01:02:34 -------- d-----w- C:\Users\Wolf\AppData\Local\{71B033D1-4AE0-4C0C-B78D-9975F932771A}
2012-07-05 13:02:10 -------- d-----w- C:\Users\Wolf\AppData\Local\{4EF0C81A-1418-456E-9C41-A77471CC6631}
2012-07-05 13:01:58 -------- d-----w- C:\Users\Wolf\AppData\Local\{FCE04B23-5706-4B41-8945-D3AE809462BA}
2012-07-05 01:01:33 -------- d-----w- C:\Users\Wolf\AppData\Local\{EB0D2519-B116-43B7-9F70-F3BC079DBE87}
2012-07-05 01:01:23 -------- d-----w- C:\Users\Wolf\AppData\Local\{287B2AFB-0894-4D40-BF0B-446D172822E7}
2012-07-04 13:09:57 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 13:09:57 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45A86A15-33D1-43ED-9819-6AC133713525}\gapaengine.dll
2012-07-04 13:00:56 -------- d-----w- C:\Users\Wolf\AppData\Local\{A385FFDD-1CEE-46C6-9580-3150EEF97310}
2012-07-04 13:00:46 -------- d-----w- C:\Users\Wolf\AppData\Local\{4047B6F4-02A9-4A2D-A07B-CECF50C7992E}
2012-07-03 22:19:41 -------- d-----w- C:\Users\Wolf\AppData\Local\{779F1489-E9C1-47F0-85A5-4B5F3D6EF981}
2012-07-03 18:56:38 -------- d-----w- C:\Users\Wolf\AppData\Local\Chromium
2012-07-03 18:24:12 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-07-03 18:24:06 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-07-03 10:19:18 -------- d-----w- C:\Users\Wolf\AppData\Local\{BBEF8BD7-C353-4307-ADAA-FDE52A788FDA}
2012-07-03 10:19:08 -------- d-----w- C:\Users\Wolf\AppData\Local\{7CCEC242-2BBD-411B-828D-DD31134D378F}
2012-07-02 17:00:16 -------- d-----w- C:\Program Files (x86)\ShiftWindow
2012-07-02 15:07:39 -------- d-----w- C:\Users\Wolf\AppData\Local\{4F05B001-2C83-48C2-B79C-9E4B9B727C5B}
2012-07-02 15:07:28 -------- d-----w- C:\Users\Wolf\AppData\Local\{3D27E9A4-A6DE-486C-BB66-486B92668FE3}
2012-07-02 03:07:04 -------- d-----w- C:\Users\Wolf\AppData\Local\{B70EA9CD-4F08-4057-BBD1-E55691C5A4BA}
2012-07-02 03:06:53 -------- d-----w- C:\Users\Wolf\AppData\Local\{DD4D0281-DBD4-49D7-BB73-A534DBA9CA33}
2012-07-01 15:06:41 -------- d-----w- C:\Users\Wolf\AppData\Local\{19A74BC8-0078-4FFD-98ED-07ACD80B0CB1}
2012-07-01 15:06:31 -------- d-----w- C:\Users\Wolf\AppData\Local\{18C1F4F6-E5CC-49CC-8F5A-AA14FA548862}
2012-07-01 03:06:06 -------- d-----w- C:\Users\Wolf\AppData\Local\{D67BBC4A-4B81-48B3-A3B1-CD80829B58D4}
2012-06-30 15:05:42 -------- d-----w- C:\Users\Wolf\AppData\Local\{35A8D853-DE7C-4519-A17A-916878371D1F}
2012-06-30 15:05:32 -------- d-----w- C:\Users\Wolf\AppData\Local\{30DB2335-E23C-451C-91E8-37955A3AB7A2}
2012-06-30 03:05:08 -------- d-----w- C:\Users\Wolf\AppData\Local\{2E75E856-3E0C-4AD7-8CE3-84B1AF5BECD9}
2012-06-30 03:04:58 -------- d-----w- C:\Users\Wolf\AppData\Local\{8212A107-641E-4874-8C2D-6741FBA81D24}
2012-06-29 15:04:46 -------- d-----w- C:\Users\Wolf\AppData\Local\{7F308994-004E-4B02-8C31-F7EC0BED7BF7}
2012-06-29 15:04:35 -------- d-----w- C:\Users\Wolf\AppData\Local\{A2E398E1-2CA8-4ECB-870E-A2CCF83D1359}
2012-06-29 03:04:11 -------- d-----w- C:\Users\Wolf\AppData\Local\{E89850F8-088F-4E4F-8350-68944757FBAD}
2012-06-28 15:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-06-28 15:03:48 -------- d-----w- C:\Users\Wolf\AppData\Local\{F51CB5ED-3847-4F85-829A-B8B4DAC3AF24}
2012-06-28 15:03:38 -------- d-----w- C:\Users\Wolf\AppData\Local\{BBBD3C5B-3766-4542-8B9D-35DE72A438CD}
2012-06-28 03:03:14 -------- d-----w- C:\Users\Wolf\AppData\Local\{F07BFE85-5A3F-49B3-BC6A-DB405EF7AC2C}
2012-06-27 15:02:52 -------- d-----w- C:\Users\Wolf\AppData\Local\{053F33F2-B397-41A1-830C-B49DFE49B097}
2012-06-27 15:02:41 -------- d-----w- C:\Users\Wolf\AppData\Local\{827E3157-12F9-4EA4-8BAF-B16E4C87076C}
2012-06-27 14:29:13 -------- d-----w- C:\Users\Wolf\AppData\Local\Turbine
2012-06-27 03:02:17 -------- d-----w- C:\Users\Wolf\AppData\Local\{B342EEBE-CC1A-4074-B90E-D4D677AF9B1A}
2012-06-27 03:02:06 -------- d-----w- C:\Users\Wolf\AppData\Local\{328B3B4E-928A-4B0A-92F8-AE3813362F87}
2012-06-27 00:25:34 -------- d-----w- C:\Users\Wolf\AppData\Roaming\.minecraft
2012-06-26 15:01:41 -------- d-----w- C:\Users\Wolf\AppData\Local\{8EAFD0F1-502E-4E5A-82EA-AE2E76A2865A}
2012-06-26 15:01:30 -------- d-----w- C:\Users\Wolf\AppData\Local\{EDEED63E-1D1E-485A-A9D4-599C8A81CA93}
2012-06-26 03:01:06 -------- d-----w- C:\Users\Wolf\AppData\Local\{00BF9CE8-5CF8-4D00-B803-7B9307F41994}
2012-06-26 02:25:34 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2012-06-25 23:57:18 -------- d-----w- C:\Users\Wolf\AppData\Local\Deployment
2012-06-25 23:57:18 -------- d-----w- C:\Users\Wolf\AppData\Local\Apps
2012-06-25 15:00:42 -------- d-----w- C:\Users\Wolf\AppData\Local\{386F9BE2-3C9E-4AAB-9F9A-8DD3D049D05C}
2012-06-25 15:00:31 -------- d-----w- C:\Users\Wolf\AppData\Local\{3C9F679B-D2F8-4B9C-AC94-F61911986C76}
2012-06-25 14:48:57 -------- d-----w- C:\Users\Wolf\AppData\Roaming\LolClient
2012-06-25 03:14:49 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-25 03:14:34 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-25 03:00:06 -------- d-----w- C:\Users\Wolf\AppData\Local\{76B6AEFA-E774-4B9B-A39E-8862D14576A8}
2012-06-24 19:08:36 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-24 14:59:43 -------- d-----w- C:\Users\Wolf\AppData\Local\{99F07183-FB54-476D-BC64-896A340E338C}
2012-06-24 14:59:30 -------- d-----w- C:\Users\Wolf\AppData\Local\{2CF2459F-10E6-4D67-90AF-90A23A31BC63}
2012-06-24 03:27:57 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-23 22:38:15 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20566059-211C-4448-9330-F71ECFBAE5C7}\mpengine.dll
2012-06-23 16:27:24 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-23 15:16:10 -------- d-----w- C:\Users\Wolf\AppData\Local\{8F9356F6-CE63-43B5-83D6-45A507FF9D79}
2012-06-23 15:15:59 -------- d-----w- C:\Users\Wolf\AppData\Local\{5F058FAA-C157-4A9F-A777-7838376FA504}
2012-06-23 03:55:59 -------- d-----w- C:\FRST
2012-06-23 03:19:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-23 03:15:33 -------- d-----w- C:\Users\Wolf\AppData\Local\{BA2FCC45-41CF-4CE1-9A35-DF6C90610EC6}
2012-06-23 03:15:23 -------- d-----w- C:\Users\Wolf\AppData\Local\{A80C7E37-2C66-42EF-B700-CAD836E02A79}
2012-06-23 02:46:50 -------- d-----w- C:\Users\Wolf\AppData\Local\{CDDBEACB-4201-4A8D-AF2E-0DFB32D4E345}
2012-06-23 02:46:38 -------- d-----w- C:\Users\Wolf\AppData\Local\{C1819089-6D43-46EC-9F62-DF51C748EFE8}
2012-06-23 02:37:29 -------- d-----w- C:\Users\Wolf\AppData\Roaming\Malwarebytes
2012-06-23 02:37:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-23 02:37:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 14:43:06 -------- d-----w- C:\Users\Wolf\AppData\Local\{77DABEC5-5C82-451E-9F08-AC88BC745E43}
2012-06-22 14:42:53 -------- d-----w- C:\Users\Wolf\AppData\Local\{3ED33445-25D4-4BB7-AA43-18DE6DA892B7}
2012-06-22 12:37:59 -------- d-----w- C:\Program Files (x86)\SDA
2012-06-22 12:36:29 -------- d-----w- C:\Users\Wolf\AppData\Local\Downloaded Installations
2012-06-22 06:49:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 06:48:21 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 06:48:01 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 06:48:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 02:42:28 -------- d-----w- C:\Users\Wolf\AppData\Local\{904B9BEC-36D2-42B7-ABD5-6D0BD92B144E}
2012-06-22 01:42:11 -------- d-----w- C:\Users\Wolf\AppData\Local\TERA
2012-06-21 14:42:04 -------- d-----w- C:\Users\Wolf\AppData\Local\{8C33D810-B9B6-483E-B34E-118A76D469D3}
2012-06-21 14:41:54 -------- d-----w- C:\Users\Wolf\AppData\Local\{18F95A37-F8CE-4FEE-A2FC-B0335E1C4D06}
2012-06-21 13:20:22 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-21 13:20:21 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-21 11:09:31 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-21 11:09:31 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-21 02:41:29 -------- d-----w- C:\Users\Wolf\AppData\Local\{B258CAE5-67E1-4958-BE42-32FEE0B205DD}
2012-06-20 21:24:14 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-20 14:41:05 -------- d-----w- C:\Users\Wolf\AppData\Local\{F9259AB6-1DC3-4E8B-8AC8-9ACCA67DB57F}
2012-06-20 14:40:54 -------- d-----w- C:\Users\Wolf\AppData\Local\{DB8A37B4-6AE8-4614-9533-7AFD0F18838C}
2012-06-20 00:12:15 -------- d-----w- C:\Users\Wolf\AppData\Local\{967CB5D5-3013-4872-9DFA-B2CBDE65073B}
2012-06-19 15:16:22 -------- d-----w- C:\Users\Wolf\AppData\Roaming\Folding@home-x86
2012-06-19 15:16:22 -------- d-----w- C:\Program Files (x86)\Folding@home
2012-06-19 12:11:45 -------- d-----w- C:\Users\Wolf\AppData\Local\{34B56388-6578-42AB-9D56-59148B615D56}
2012-06-19 12:11:31 -------- d-----w- C:\Users\Wolf\AppData\Local\{E7495E72-311F-4F4E-9F23-312AE87026EA}
2012-06-18 14:49:37 -------- d-----w- C:\Users\Wolf\AppData\Local\{F7C8FF26-2A7C-44BA-A1BE-6E12077664B8}
2012-06-17 14:09:52 -------- d-----w- C:\Users\Wolf\AppData\Local\{864C3DB0-747B-4FAB-9441-5A31AA087E0C}
.
==================== Find3M ====================
.
2012-07-15 00:22:29 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-15 00:22:09 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-15 00:22:09 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-15 00:14:01 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-14 23:58:30 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-07-14 20:46:34 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
2012-07-12 12:59:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 12:59:46 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-28 23:56:15 2667062 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-06-28 23:55:57 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-06-28 23:55:46 6193000 ----a-w- C:\Windows\System32\nvcpl.dll
2012-06-28 23:55:40 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-06-28 23:55:39 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-06-28 23:55:39 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-06-14 21:42:06 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-06-06 23:07:08 188960 ----a-w- C:\Windows\SysWow64\wingde.dll
2012-06-06 23:02:20 12800 ----a-w- C:\Windows\SysWow64\wing32.dll
2012-06-06 23:02:20 12800 ----a-w- C:\Windows\system\wing32.dll
2012-06-06 23:02:18 6736 ----a-w- C:\Windows\SysWow64\wingdib.drv
2012-06-06 23:02:18 5024 ----a-w- C:\Windows\SysWow64\wingpal.wnd
2012-06-06 23:01:41 92208 ----a-w- C:\Windows\SysWow64\wing.dll
2012-06-06 23:01:41 92208 ----a-w- C:\Windows\system\wing.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 21:46:42 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe
2012-06-02 21:46:42 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat
2012-06-02 16:21:36 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-28 11:14:22 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-28 11:14:21 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-28 11:14:21 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-28 11:14:21 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-21 13:10:56 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-05-21 13:10:51 188776 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-05-21 07:34:41 1468264 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-05-20 07:49:52 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-05-20 07:49:50 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-05-15 10:48:00 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll
2012-05-15 10:48:00 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-05-04 17:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-04 17:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 18:48:47.29 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/1/2012 2:14:43 PM
System Uptime: 7/16/2012 6:19:14 PM (0 hours ago)
.
Motherboard: ASRock | | 970 Extreme3
Processor: AMD FX(tm)-8120 Eight-Core Processor | CPUSocket | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 468 GiB total, 264.359 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is CDROM (CDFS)
W: is FIXED (NTFS) - 463 GiB total, 82.864 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_06F8&PID_301B&MI_00\6&E7F0C55&0&0000
Manufacturer:
Name:
PNP Device ID: USB\VID_06F8&PID_301B&MI_00\6&E7F0C55&0&0000
Service:
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&A2234ED&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&A2234ED&0&2
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AC3Filter 2.4a
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS6
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AION Free-To-Play
Alien Swarm
AMD USB Filter Driver
ASRock eXtreme Tuner v0.1.122
ASRock InstantBoot v1.29
Assassin's Creed II
Autodesk SketchBookPro 2011
Bamboo Dock
Bandisoft MPEG-1 Decoder
Battlefield 3?
BattleMoonWars?a ‘a?e?”
BattleMoonWars?a ‘a?l?”
BattleMoonWars?a ‘a?O?”
BattleMoonWars?a ‘a“n?”
BattlEye (A2Free) Uninstall
Blacklight: Retribution
Blades of Time
Call of Duty Modern Warfare 2
Classic Link Drivers
Connect
Crysis(R)
D3DX10
DAEMON Tools Lite
DC Universe Online
DEVIL MAY CRY 4
Diablo III
DivX Setup
Dragon Age: Origins
Dragon Nest SEA
Dragon Saga
Dropbox
Dungeons & Dragons Online
ESET Online Scanner v3
Etron USB3.0 Host Controller
Folding@home-x86
Fraps (remove only)
GameSpy Comrade
Ghost Recon Online
Guild Wars 2
Hercules Webcam Station Evolution SE
Hi-Rez Studios Authenticate and Update Service
Hitman Blood Money
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Katawa Shoujo
Killing Floor
Kingdoms of Amalur Reckoning
kuler
League of Legends
LOLReplay
Magic The Gathering - Duels of the Planeswalkers
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300
MapleStory
Max Payne 3
Microsoft .NET Framework 1.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NC Launcher (GameForge)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
openCanvas 5.1.04
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PDF Settings CS4
PDF Settings CS6
Photoshop Camera Raw
PunkBuster Services
REACTOR
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Rockstar Games Social Club
SDFormatter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
ShiftWindow 1.02
Skype? 5.9
Smite Closed Beta
Sniper Elite V2
Sonic Generations
Star Wars Republic Commando
Steam
Street Fighter X Tekken
Stronghold 3
Stronghold Crusader Extreme
Suite Shared Configuration CS4
Super Street Fighter IV: Arcade Edition
System Requirements Lab CYRI
TeamViewer 7
TERA
The Sims? 3
THX TruStudio
Tom Clancy's Rainbow Six Vegas 2
Tomb Raider: Underworld 1.0
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 9.0
Vindictus EU
Visual C++ 2008 Runtime (x64)
Vtune 7.21
WARRIORS OROCHI
WBFS Manager 3.0
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
Worms Ultimate Mayhem
X-Blades
X-Mouse Button Control 2.4
XFast USB
XSplit
Xuse 永遠のアセリア - この大地の果てで - (Remove Only)
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
7/16/2012 6:20:14 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/16/2012 6:20:14 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/16/2012 6:19:42 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/16/2012 6:19:41 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/16/2012 6:19:41 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/15/2012 3:44:44 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/13/2012 6:48:50 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/13/2012 5:18:52 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/11/2012 8:26:26 PM, Error: XMouseButton Launcher [6] - Process token open Error: 6 (The handle is invalid. )
7/11/2012 8:26:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88000da01d1, 0xfffff880033d2528, 0xfffff880033d1d80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071112-19032-01.
7/10/2012 5:20:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================
 
Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 17-07-2012 15:07:33
Running from H:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-07-04] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444856 2011-09-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe [4878912 2012-02-01] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1039872 2011-09-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-26] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Wolf\...\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A [2248704 2011-08-02] ()
HKU\Wolf\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-02-01] (Valve Corporation)
HKU\Wolf\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
HKU\Wolf\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Wolf\...\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2012-06-02] (NEXON Inc.)
HKU\Wolf\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\Users\Wolf\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 cFosSpeedS; "C:\Program Files\ASRock\XFast LAN\spd.exe" -service [395136 2011-07-04] (cFos Software GmbH)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-14] ()
3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]

========================== Drivers (Whitelisted) =============

1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1632128 2011-07-04] (cFos Software GmbH)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-01] (DT Soft Ltd)
3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [32320 2012-07-14] (FNet Co., Ltd.)
1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2012-02-01] (FNet Co., Ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 TBPanel; [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-17 04:30 - 2012-07-17 04:30 - 00000000 ____D C:\Users\Wolf\AppData\Local\{F24F018F-9BEA-4452-BD3C-C661CC7F3CE8}
2012-07-17 04:30 - 2012-07-17 04:30 - 00000000 ____D C:\Users\Wolf\AppData\Local\{81EAEA34-66F6-40D1-B2A2-359FD1FAFC43}
2012-07-16 08:48 - 2012-07-16 08:48 - 00607260 ____R (Swearware) C:\Users\Wolf\Downloads\dds.scr
2012-07-16 08:44 - 2012-07-16 08:44 - 00302592 ____A C:\Users\Wolf\Downloads\mhemx0td.exe
2012-07-16 08:21 - 2012-07-16 08:21 - 00302592 ____A C:\Users\Wolf\Downloads\04lxq7zo.exe
2012-07-16 04:45 - 2012-07-16 04:45 - 00000000 ____D C:\Users\Wolf\AppData\Local\{BCC632FA-7D58-4426-9AA8-3079626D5915}
2012-07-16 04:45 - 2012-07-16 04:45 - 00000000 ____D C:\Users\Wolf\AppData\Local\{38B0A889-E16D-4679-B3CE-4A23940656DD}
2012-07-16 03:43 - 2012-07-16 03:46 - 00076525 ____A C:\Users\Wolf\Downloads\yorkyt.exe.log
2012-07-16 03:43 - 2012-07-16 03:43 - 01415784 ____A C:\Users\Wolf\Downloads\yorkyt.exe
2012-07-15 16:59 - 2012-07-15 16:59 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-15 16:44 - 2012-07-15 16:44 - 00000000 ____D C:\Users\Wolf\AppData\Local\{CE2B5618-1828-4B40-9435-D1F56CA35E6A}
2012-07-15 16:44 - 2012-07-15 16:44 - 00000000 ____D C:\Users\Wolf\AppData\Local\{4FD40853-DACD-42EE-A4B6-A8642D1A0DF4}
2012-07-15 04:43 - 2012-07-15 04:44 - 00000000 ____D C:\Users\Wolf\AppData\Local\{B2C0E1B1-50F8-4673-909A-A4B0A3A59E5A}
2012-07-15 04:43 - 2012-07-15 04:43 - 00000000 ____D C:\Users\Wolf\AppData\Local\{7639B7AD-7EAE-4816-95A1-F75B44BE5ED8}
2012-07-14 16:13 - 2012-07-14 16:13 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-14 15:20 - 2012-07-17 04:29 - 00000000 ___RD C:\Users\Wolf\Dropbox
2012-07-14 15:20 - 2012-07-14 15:20 - 00001037 ____A C:\Users\Wolf\Desktop\Dropbox.lnk
2012-07-14 14:55 - 2012-07-14 15:27 - 209000000 ____A C:\Users\Wolf\Downloads\Shuffle.part4.rar
2012-07-14 13:56 - 2012-07-14 15:06 - 209000000 ____A C:\Users\Wolf\Downloads\Shuffle.part2.rar
2012-07-14 13:43 - 2012-07-17 04:29 - 00000000 ____D C:\Users\Wolf\AppData\Roaming\Dropbox
2012-07-14 13:42 - 2012-07-14 13:43 - 17755632 ____A (Dropbox, Inc.) C:\Users\Wolf\Downloads\Dropbox 1.4.11.exe
2012-07-14 13:03 - 2012-07-14 13:04 - 00682220 ____A (BURIKO Co.,Ltd.) C:\Users\Wolf\Downloads\shuffle.exe
2012-07-14 12:52 - 2012-07-14 12:52 - 00000000 ____D C:\Users\Wolf\AppData\Local\WBFSManager
2012-07-14 12:51 - 2012-07-14 12:53 - 00000000 ____D C:\Users\Wolf\Documents\WBFS Manager Covers
2012-07-14 12:51 - 2012-07-14 12:51 - 00000950 ____A C:\Users\Wolf\Desktop\WBFS Manager 3.0.lnk
2012-07-14 12:51 - 2012-07-14 12:51 - 00000000 ____D C:\Program Files\WBFS
2012-07-14 12:50 - 2012-07-14 12:51 - 02847970 ____A C:\Users\Wolf\Downloads\WBFSManager3.0.1-RTW-x64.zip
2012-07-14 12:49 - 2012-07-14 12:49 - 02623374 ____A C:\Users\Wolf\Downloads\WBFSManager3.0.1-RTW-x86.zip
2012-07-14 11:09 - 2012-07-14 11:09 - 00000936 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2012-07-14 11:09 - 2012-07-14 11:09 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2012-07-14 11:08 - 2012-07-14 11:08 - 00000000 ____D C:\Users\Wolf\Documents\Guild Wars 2
2012-07-14 11:07 - 2012-07-14 11:08 - 21764672 ____A (ArenaNet) C:\Users\Wolf\Downloads\Gw2Setup.exe
2012-07-14 07:20 - 2012-07-14 07:20 - 00000000 ____D C:\Users\Wolf\AppData\Local\{66A3382C-DBA5-45F7-BC66-F2FB13DA2828}
2012-07-14 07:20 - 2012-07-14 07:20 - 00000000 ____D C:\Users\Wolf\AppData\Local\{43ECF8F5-CA7D-44F8-A66B-72EE79AAEA67}
2012-07-13 19:19 - 2012-07-13 19:20 - 00000000 ____D C:\Users\Wolf\AppData\Local\{C70A7274-2DFD-426A-A81A-C2AA7A527C06}
2012-07-13 18:31 - 2012-07-13 18:31 - 00000000 ____D C:\Users\Wolf\AppData\Local\StreamPrivacy
2012-07-13 18:29 - 2012-07-13 18:29 - 00119771 ____A C:\Users\Wolf\Downloads\StreamPrivacy.zip
2012-07-13 15:22 - 2012-07-13 15:51 - 00000000 ____D C:\Users\Wolf\Desktop\Foh Ricky
2012-07-13 09:54 - 2012-07-13 12:19 - 00000934 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-07-13 09:54 - 2012-07-13 09:54 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2012-07-13 09:52 - 2012-07-13 10:50 - 68326616 ____A C:\Users\Wolf\Desktop\Foh Ricky.zip
2012-07-13 09:05 - 2012-07-13 09:05 - 00000000 ____D C:\Users\Wolf\Desktop\Saves
2012-07-13 07:19 - 2012-07-13 19:19 - 00000000 ____D C:\Users\Wolf\AppData\Local\{70FCE9B7-B543-4D45-88DB-49699264C9C3}
2012-07-13 07:19 - 2012-07-13 07:19 - 00000000 ____D C:\Users\Wolf\AppData\Local\{37B67489-3878-4CE4-BC5B-757401464E75}
2012-07-12 07:57 - 2012-06-28 19:37 - 26226536 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 19828072 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 18228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 13365608 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-07-12 07:57 - 2012-06-28 19:37 - 09164648 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 07699304 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 02744680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 02573160 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 02216296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 01865064 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 01472360 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 00828264 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-07-12 07:57 - 2012-06-28 19:37 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-07-12 07:57 - 2012-05-21 05:10 - 00188776 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-07-12 07:57 - 2012-05-21 05:10 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-07-12 07:54 - 2012-07-12 07:56 - 176792672 ____A (NVIDIA Corporation) C:\Users\Wolf\Downloads\304.79-desktop-win8-win7-winvista-64bit-english-beta.exe
2012-07-12 07:50 - 2012-07-12 07:50 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-12 07:50 - 2012-07-12 07:50 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-12 07:50 - 2012-05-04 09:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-12 02:12 - 2012-07-12 02:13 - 00000000 ____D C:\Users\Wolf\AppData\Local\{2E0155CC-40B8-4E87-96D2-2A268C86F6FF}
2012-07-12 02:12 - 2012-07-12 02:12 - 00000000 ____D C:\Users\Wolf\AppData\Local\{1C927B98-0438-4470-ABED-39EE44726009}
2012-07-11 15:27 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 15:23 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 15:23 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 15:23 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 15:23 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 15:23 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 15:23 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 15:23 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 15:23 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 15:23 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 15:23 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 15:23 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 15:23 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 15:23 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 15:23 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 15:23 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 15:23 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 15:23 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 15:23 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 15:23 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 15:23 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 15:23 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 15:23 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 15:23 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 15:23 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 15:23 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 15:22 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 15:22 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 15:22 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 14:12 - 2012-07-11 14:12 - 00000000 ____D C:\Users\Wolf\AppData\Local\{DBDF48AC-7B24-48E8-BD5D-EC997012BA0F}
2012-07-11 14:12 - 2012-07-11 14:12 - 00000000 ____D C:\Users\Wolf\AppData\Local\{1203FCCE-D2E2-4381-8B0C-B4176A6D72B7}
2012-07-11 10:26 - 2012-07-11 10:26 - 00291592 ____A C:\Windows\Minidump\071112-19032-01.dmp
2012-07-11 10:26 - 2012-07-11 10:26 - 00000000 ____D C:\Windows\Minidump
2012-07-11 10:25 - 2012-07-11 10:25 - 628349831 ____A C:\Windows\MEMORY.DMP
2012-07-11 09:49 - 2012-07-11 09:51 - 142405482 ____A C:\Users\Wolf\Downloads\321324314uuu9.rar
2012-07-11 07:02 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 07:02 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 07:02 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 07:02 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 07:02 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 07:02 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 07:02 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 07:02 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 07:02 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 07:02 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 07:02 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 07:02 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 07:02 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 07:02 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 07:02 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 07:02 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 07:02 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 07:02 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 07:02 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 03:05 - 2012-07-11 03:27 - 135089012 ____A C:\Users\Wolf\Downloads\skyyupIIIII5(1).rar
2012-07-11 02:27 - 2012-07-11 03:00 - 58368000 ____A C:\Users\Wolf\Downloads\skyyupIIIII5.rar.part
2012-07-11 02:27 - 2012-07-11 03:00 - 00000210 ____A C:\Users\Wolf\Downloads\skyyupIIIII5.rar
2012-07-11 02:11 - 2012-07-11 02:11 - 00000000 ____D C:\Users\Wolf\AppData\Local\{3FD95AEE-4DDF-45FD-B8BA-2518F39EC9B9}
2012-07-11 02:11 - 2012-07-11 02:11 - 00000000 ____D C:\Users\Wolf\AppData\Local\{2F65EA0E-23CA-4C50-91C4-890F4CD91539}
2012-07-10 14:39 - 2012-07-10 14:39 - 00295316 ____A () C:\Users\Wolf\Downloads\Post_Process_Injector_2_1_Installer-131-2-1.exe
2012-07-10 14:32 - 2012-07-10 14:32 - 00383395 ____A C:\Users\Wolf\Downloads\Confidence-Man_ENB_v1_6_no_dll-5253-1-6.rar
2012-07-10 14:26 - 2012-07-13 09:56 - 00000000 ____D C:\Users\Wolf\AppData\Local\Black_Tree_Gaming
2012-07-10 14:26 - 2012-07-12 18:43 - 00000000 ____D C:\Users\Wolf\Documents\Nexus Mod Manager
2012-07-10 14:26 - 2012-07-10 14:26 - 03842975 ____A (Black Tree Gaming ) C:\Users\Wolf\Downloads\Nexus Mod Manager-0.18.9.exe
2012-07-10 14:18 - 2012-07-10 14:18 - 00325160 ____A C:\Users\Wolf\Downloads\skse_1_05_09.7z
2012-07-10 10:34 - 2012-07-10 10:34 - 00000000 ____D C:\Users\Wolf\AppData\Local\{B33E3485-365B-419D-B3E4-FC67F271B946}
2012-07-10 10:34 - 2012-07-10 10:34 - 00000000 ____D C:\Users\Wolf\AppData\Local\{75C83BBB-0A21-4469-A48C-3FAFD42E37B7}
2012-07-09 22:35 - 2010-02-23 00:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2012-07-09 22:33 - 2012-07-09 22:34 - 00000000 ____D C:\Users\Wolf\AppData\Local\{C6CDA454-6BF8-448F-8C4E-E92AA2B2CDB9}
2012-07-09 22:33 - 2012-07-09 22:33 - 00000000 ____D C:\Users\Wolf\AppData\Local\{9E972346-BB1C-4000-9D90-7082F0F3EC72}
2012-07-09 08:03 - 2012-07-09 08:03 - 00000000 ____D C:\Users\Wolf\AppData\Local\{CEA0F9E2-3689-478D-BAA3-D9CCBEB54B62}
2012-07-09 08:03 - 2012-07-09 08:03 - 00000000 ____D C:\Users\Wolf\AppData\Local\{AC506C02-3EAE-4550-AE33-790EB8102CBE}
2012-07-08 20:03 - 2012-07-08 20:03 - 00000000 ____D C:\Users\Wolf\AppData\Local\{90572EB0-AC2C-4BE4-80B1-FE9A3190B811}
2012-07-08 08:02 - 2012-07-08 20:02 - 00000000 ____D C:\Users\Wolf\AppData\Local\{01FD4987-260E-4446-91DB-258881AEBCE5}
2012-07-08 08:02 - 2012-07-08 08:02 - 00000000 ____D C:\Users\Wolf\AppData\Local\{A10D85CB-39A6-4744-8EB8-CBB0F7526151}
2012-07-07 19:33 - 2012-07-07 19:33 - 00000000 ____D C:\Users\Wolf\AppData\Local\{C643FE1E-A9D0-4A1B-AF36-FD32179AE830}
2012-07-07 11:22 - 2012-07-07 11:22 - 13085120 ____A (Microsoft Corporation) C:\Users\Wolf\Downloads\Silverlight_x64.exe
2012-07-07 11:22 - 2012-07-07 11:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-07-07 11:22 - 2012-07-07 11:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-07-07 07:33 - 2012-07-07 07:33 - 00000000 ____D C:\Users\Wolf\AppData\Local\{23C43135-A546-4277-A8F7-827A9AB6000D}
2012-07-07 07:32 - 2012-07-07 19:33 - 00000000 ____D C:\Users\Wolf\AppData\Local\{2E72493B-FB02-4B7C-BF0E-B1725B14E441}
2012-07-06 18:23 - 2012-07-06 18:23 - 00000000 ____D C:\Users\Wolf\Documents\Wizards of the Coast
2012-07-06 18:05 - 2012-07-06 18:05 - 00001306 ____A C:\Users\Public\Desktop\Magic The Gathering - Duels of the Planeswalkers.lnk
2012-07-06 17:41 - 2012-07-06 17:41 - 00000000 ____D C:\Users\Wolf\AppData\Local\{33194356-885B-4CBD-8A32-20FE03249003}
2012-07-06 09:52 - 2012-07-06 09:52 - 00002317 ____A C:\Users\Wolf\Documents\buh.xml
2012-07-06 09:39 - 2012-07-06 09:45 - 00000000 ____D C:\Users\Wolf\Documents\Enigma_Item_Changer_2.2.1
2012-07-06 09:38 - 2012-07-06 09:38 - 01504939 ____A (TheEnigmaBlade) C:\Users\Wolf\Downloads\Enigma_Item_Changer_2.2.1_installer.exe
2012-07-06 07:15 - 2012-07-06 07:15 - 00072712 ____A C:\Users\Wolf\Downloads\Tom.Clancys.Ghost.Recon.Future.Soldier-SKIDROW.torrent
2012-07-06 05:52 - 2012-07-06 05:52 - 00933256 ____A (DivX, LLC) C:\Users\Wolf\Downloads\DivXInstaller(1).exe
2012-07-06 05:41 - 2012-07-06 17:41 - 00000000 ____D C:\Users\Wolf\AppData\Local\{8B03D220-16EE-4B96-B81B-57CFC04A5AA5}
2012-07-06 05:41 - 2012-07-06 05:41 - 00000000 ____D C:\Users\Wolf\AppData\Local\{DE8FD8A8-EFCE-458B-9589-027B3270D0B6}
2012-07-05 17:02 - 2012-07-05 17:02 - 00000000 ____D C:\Users\Wolf\AppData\Local\{71B033D1-4AE0-4C0C-B78D-9975F932771A}
2012-07-05 05:02 - 2012-07-05 05:02 - 00000000 ____D C:\Users\Wolf\AppData\Local\{4EF0C81A-1418-456E-9C41-A77471CC6631}
2012-07-05 05:01 - 2012-07-05 17:02 - 00000000 ____D C:\Users\Wolf\AppData\Local\{FCE04B23-5706-4B41-8945-D3AE809462BA}
2012-07-04 17:01 - 2012-07-04 17:01 - 00000000 ____D C:\Users\Wolf\AppData\Local\{EB0D2519-B116-43B7-9F70-F3BC079DBE87}
2012-07-04 17:01 - 2012-07-04 17:01 - 00000000 ____D C:\Users\Wolf\AppData\Local\{287B2AFB-0894-4D40-BF0B-446D172822E7}
2012-07-04 05:00 - 2012-07-04 05:01 - 00000000 ____D C:\Users\Wolf\AppData\Local\{A385FFDD-1CEE-46C6-9580-3150EEF97310}
2012-07-04 05:00 - 2012-07-04 05:00 - 00000000 ____D C:\Users\Wolf\AppData\Local\{4047B6F4-02A9-4A2D-A07B-CECF50C7992E}
2012-07-03 14:19 - 2012-07-03 14:19 - 00000000 ____D C:\Users\Wolf\AppData\Local\{779F1489-E9C1-47F0-85A5-4B5F3D6EF981}
2012-07-03 10:56 - 2012-07-03 10:56 - 00000000 ____D C:\Users\Wolf\AppData\Local\Chromium
2012-07-03 10:24 - 2012-07-03 10:56 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-07-03 10:24 - 2012-07-03 10:25 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-07-03 10:24 - 2012-07-03 10:24 - 00002028 ____A C:\Users\Public\Desktop\Smite Closed Beta.lnk
2012-07-03 10:23 - 2012-07-03 10:23 - 13845856 ____A (Hi-Rez Studios) C:\Users\Wolf\Downloads\InstallHiRezGamesEnglish.exe
2012-07-03 02:19 - 2012-07-03 14:19 - 00000000 ____D C:\Users\Wolf\AppData\Local\{7CCEC242-2BBD-411B-828D-DD31134D378F}
2012-07-03 02:19 - 2012-07-03 02:19 - 00000000 ____D C:\Users\Wolf\AppData\Local\{BBEF8BD7-C353-4307-ADAA-FDE52A788FDA}
2012-07-02 09:07 - 2012-07-02 09:07 - 00000000 ____D C:\Users\Wolf\Desktop\v2_01_30_src
2012-07-02 09:06 - 2012-07-02 09:06 - 00842238 ____A C:\Users\Wolf\Downloads\v2_01_30_src.rar
2012-07-02 09:00 - 2012-07-02 09:00 - 00000977 ____A C:\Users\Wolf\Desktop\ShiftWindow.lnk
2012-07-02 09:00 - 2012-07-02 09:00 - 00000977 ____A C:\Users\UpdatusUser\Desktop\ShiftWindow.lnk
2012-07-02 09:00 - 2012-07-02 09:00 - 00000000 ____D C:\Program Files (x86)\ShiftWindow
2012-07-02 08:59 - 2012-07-02 08:59 - 00513522 ____A (Grismar ) C:\Users\Wolf\Downloads\setup(1).exe
2012-07-02 07:07 - 2012-07-02 07:07 - 00000000 ____D C:\Users\Wolf\AppData\Local\{4F05B001-2C83-48C2-B79C-9E4B9B727C5B}
2012-07-02 07:07 - 2012-07-02 07:07 - 00000000 ____D C:\Users\Wolf\AppData\Local\{3D27E9A4-A6DE-486C-BB66-486B92668FE3}
2012-07-01 19:07 - 2012-07-01 19:07 - 00000000 ____D C:\Users\Wolf\AppData\Local\{B70EA9CD-4F08-4057-BBD1-E55691C5A4BA}
2012-07-01 19:06 - 2012-07-01 19:07 - 00000000 ____D C:\Users\Wolf\AppData\Local\{DD4D0281-DBD4-49D7-BB73-A534DBA9CA33}
2012-07-01 07:06 - 2012-07-01 07:06 - 00000000 ____D C:\Users\Wolf\AppData\Local\{19A74BC8-0078-4FFD-98ED-07ACD80B0CB1}
2012-07-01 07:06 - 2012-07-01 07:06 - 00000000 ____D C:\Users\Wolf\AppData\Local\{18C1F4F6-E5CC-49CC-8F5A-AA14FA548862}
2012-07-01 01:52 - 2012-07-01 01:52 - 00001816 ____A C:\Users\Public\Desktop\Super Street Fighter IV Arcade Edition.lnk
2012-06-30 19:06 - 2012-06-30 19:06 - 00000000 ____D C:\Users\Wolf\AppData\Local\{D67BBC4A-4B81-48B3-A3B1-CD80829B58D4}
2012-06-30 07:05 - 2012-06-30 19:06 - 00000000 ____D C:\Users\Wolf\AppData\Local\{30DB2335-E23C-451C-91E8-37955A3AB7A2}
2012-06-30 07:05 - 2012-06-30 07:05 - 00000000 ____D C:\Users\Wolf\AppData\Local\{35A8D853-DE7C-4519-A17A-916878371D1F}
2012-06-29 19:05 - 2012-06-29 19:05 - 00000000 ____D C:\Users\Wolf\AppData\Local\{2E75E856-3E0C-4AD7-8CE3-84B1AF5BECD9}
2012-06-29 19:04 - 2012-06-29 19:05 - 00000000 ____D C:\Users\Wolf\AppData\Local\{8212A107-641E-4874-8C2D-6741FBA81D24}
2012-06-29 07:04 - 2012-06-29 07:04 - 00000000 ____D C:\Users\Wolf\AppData\Local\{A2E398E1-2CA8-4ECB-870E-A2CCF83D1359}
2012-06-29 07:04 - 2012-06-29 07:04 - 00000000 ____D C:\Users\Wolf\AppData\Local\{7F308994-004E-4B02-8C31-F7EC0BED7BF7}
2012-06-28 19:04 - 2012-06-28 19:04 - 00000000 ____D C:\Users\Wolf\AppData\Local\{E89850F8-088F-4E4F-8350-68944757FBAD}
2012-06-28 11:27 - 2012-06-28 11:27 - 00999771 ____A C:\Users\Wolf\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2(1).jar
2012-06-28 11:24 - 2012-06-28 11:24 - 00449532 ____A C:\Users\Wolf\Downloads\skmclauncher-3.1.5-win.zip
2012-06-28 11:23 - 2012-06-28 11:23 - 00721312 ____A C:\Users\Wolf\Downloads\worldedit-5.3.zip
2012-06-28 07:44 - 2012-06-28 07:44 - 00428904 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-06-28 07:03 - 2012-06-28 19:04 - 00000000 ____D C:\Users\Wolf\AppData\Local\{BBBD3C5B-3766-4542-8B9D-35DE72A438CD}
2012-06-28 07:03 - 2012-06-28 07:03 - 00000000 ____D C:\Users\Wolf\AppData\Local\{F51CB5ED-3847-4F85-829A-B8B4DAC3AF24}
2012-06-27 19:03 - 2012-06-27 19:03 - 00000000 ____D C:\Users\Wolf\AppData\Local\{F07BFE85-5A3F-49B3-BC6A-DB405EF7AC2C}
2012-06-27 12:54 - 2012-06-27 12:55 - 00000028 ____A C:\Users\Wolf\Desktop\Leon.txt
2012-06-27 07:02 - 2012-06-27 19:03 - 00000000 ____D C:\Users\Wolf\AppData\Local\{827E3157-12F9-4EA4-8BAF-B16E4C87076C}
2012-06-27 07:02 - 2012-06-27 07:03 - 00000000 ____D C:\Users\Wolf\AppData\Local\{053F33F2-B397-41A1-830C-B49DFE49B097}
2012-06-27 06:29 - 2012-06-27 06:48 - 00000000 ____D C:\Users\Wolf\AppData\Local\Turbine
2012-06-26 19:02 - 2012-06-26 19:02 - 00000000 ____D C:\Users\Wolf\AppData\Local\{B342EEBE-CC1A-4074-B90E-D4D677AF9B1A}
2012-06-26 19:02 - 2012-06-26 19:02 - 00000000 ____D C:\Users\Wolf\AppData\Local\{328B3B4E-928A-4B0A-92F8-AE3813362F87}
2012-06-26 16:40 - 2012-06-26 16:40 - 00999771 ____A C:\Users\Wolf\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar
2012-06-26 16:36 - 2012-05-22 03:32 - 08386590 ____A C:\Users\Wolf\Downloads\Soartex Fanver.zip
2012-06-26 16:28 - 2012-06-26 16:28 - 01581077 ____A C:\Users\Wolf\Downloads\mcpatcher-2.3.7_02.exe
2012-06-26 16:27 - 2012-06-26 16:27 - 04389435 ____A C:\Users\Wolf\Downloads\DokuCraft_218326.zip
2012-06-26 16:25 - 2012-06-28 11:25 - 00000000 ____D C:\Users\Wolf\AppData\Roaming\.minecraft
2012-06-26 16:24 - 2012-06-26 16:24 - 00278561 ____A C:\Users\Wolf\Downloads\Minecraft(1).exe
2012-06-26 15:49 - 2012-06-26 15:49 - 00000879 ____A C:\Users\Public\Desktop\Eien no Aselia - Kono Daichi no Hate de English.lnk
2012-06-26 09:35 - 2012-06-26 09:35 - 12691448 ____A C:\Users\Wolf\Downloads\EQ2_Streaming_setup.exe
2012-06-26 07:01 - 2012-06-26 07:01 - 00000000 ____D C:\Users\Wolf\AppData\Local\{EDEED63E-1D1E-485A-A9D4-599C8A81CA93}
2012-06-26 07:01 - 2012-06-26 07:01 - 00000000 ____D C:\Users\Wolf\AppData\Local\{8EAFD0F1-502E-4E5A-82EA-AE2E76A2865A}
2012-06-26 03:08 - 2012-06-26 03:08 - 00000000 ____D C:\Users\Wolf\Documents\Electronic Arts
2012-06-25 19:01 - 2012-06-25 19:01 - 00000000 ____D C:\Users\Wolf\AppData\Local\{00BF9CE8-5CF8-4D00-B803-7B9307F41994}
2012-06-25 18:25 - 2012-06-25 18:25 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-06-25 15:57 - 2012-06-26 08:44 - 00000000 ____D C:\Users\Wolf\AppData\Local\Deployment
2012-06-25 15:57 - 2012-06-25 15:57 - 00008912 ____A C:\Users\Wolf\Downloads\Launcher.application
2012-06-25 15:57 - 2012-06-25 15:57 - 00000000 ____D C:\Users\Wolf\AppData\Local\Apps\2.0
2012-06-25 07:00 - 2012-06-25 19:01 - 00000000 ____D C:\Users\Wolf\AppData\Local\{3C9F679B-D2F8-4B9C-AC94-F61911986C76}
2012-06-25 07:00 - 2012-06-25 07:00 - 00000000 ____D C:\Users\Wolf\AppData\Local\{386F9BE2-3C9E-4AAB-9F9A-8DD3D049D05C}
2012-06-25 06:48 - 2012-06-25 06:48 - 00000000 ____D C:\Users\Wolf\AppData\Roaming\LolClient
2012-06-24 19:14 - 2012-06-24 19:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-24 19:14 - 2012-06-24 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-24 19:00 - 2012-06-24 19:00 - 00000000 ____D C:\Users\Wolf\AppData\Local\{76B6AEFA-E774-4B9B-A39E-8862D14576A8}
2012-06-24 12:47 - 2012-06-24 12:48 - 63343378 ____A C:\Users\Wolf\Downloads\Japanese Voices v1.1.rar
2012-06-24 12:41 - 2012-06-24 12:43 - 97742831 ____A C:\Users\Wolf\Downloads\De-Censor Elin v1.4.rar
2012-06-24 11:08 - 2012-06-24 11:08 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-24 09:47 - 2012-06-24 09:47 - 00893936 ____A (Oracle Corporation) C:\Users\Wolf\Downloads\jxpiinstall(2).exe
2012-06-24 09:44 - 2012-06-24 09:44 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-24 09:22 - 2012-06-24 09:23 - 00893936 ____A (Oracle Corporation) C:\Users\Wolf\Downloads\jxpiinstall(1).exe
2012-06-24 06:59 - 2012-06-24 19:00 - 00000000 ____D C:\Users\Wolf\AppData\Local\{2CF2459F-10E6-4D67-90AF-90A23A31BC63}
2012-06-24 06:59 - 2012-06-24 06:59 - 00000000 ____D C:\Users\Wolf\AppData\Local\{99F07183-FB54-476D-BC64-896A340E338C}
2012-06-23 19:27 - 2012-06-23 19:27 - 02322184 ____A (ESET) C:\Users\Wolf\Downloads\esetsmartinstaller_enu.exe
2012-06-23 19:27 - 2012-06-23 19:27 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-23 19:22 - 2012-06-23 19:22 - 00448512 ____A (OldTimer Tools) C:\Users\Wolf\Downloads\TFC(1).exe
2012-06-23 19:21 - 2012-06-23 19:21 - 00448512 ____A (OldTimer Tools) C:\Users\Wolf\Downloads\TFC.exe
2012-06-23 18:45 - 2012-06-23 18:45 - 00340631 ____A C:\Users\Wolf\Downloads\FSS.exe
2012-06-23 18:43 - 2012-06-23 18:43 - 00869194 ____A C:\Users\Wolf\Desktop\SecurityCheck.exe
2012-06-23 08:06 - 2012-06-23 08:23 - 00000000 ____D C:\Windows\erdnt
2012-06-23 08:03 - 2012-06-23 08:03 - 04565820 ____R (Swearware) C:\Users\Wolf\Downloads\ComboFix.exe
2012-06-23 07:16 - 2012-06-23 07:16 - 00000000 ____D C:\Users\Wolf\AppData\Local\{8F9356F6-CE63-43B5-83D6-45A507FF9D79}
2012-06-23 07:15 - 2012-06-23 07:16 - 00000000 ____D C:\Users\Wolf\AppData\Local\{5F058FAA-C157-4A9F-A777-7838376FA504}
2012-06-22 19:55 - 2012-06-23 06:25 - 00000000 ____D C:\FRST
2012-06-22 19:19 - 2012-07-15 04:45 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-22 19:19 - 2012-07-03 03:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-22 19:17 - 2012-06-22 19:17 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Wolf\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-22 19:15 - 2012-06-22 19:15 - 00000000 ____D C:\Users\Wolf\AppData\Local\{BA2FCC45-41CF-4CE1-9A35-DF6C90610EC6}
2012-06-22 19:15 - 2012-06-22 19:15 - 00000000 ____D C:\Users\Wolf\AppData\Local\{A80C7E37-2C66-42EF-B700-CAD836E02A79}
2012-06-22 18:46 - 2012-06-22 18:46 - 00000000 ____D C:\Users\Wolf\AppData\Local\{CDDBEACB-4201-4A8D-AF2E-0DFB32D4E345}
2012-06-22 18:46 - 2012-06-22 18:46 - 00000000 ____D C:\Users\Wolf\AppData\Local\{C1819089-6D43-46EC-9F62-DF51C748EFE8}
2012-06-22 18:37 - 2012-07-15 05:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 18:37 - 2012-06-22 18:37 - 00000000 ____D C:\Users\Wolf\AppData\Roaming\Malwarebytes
2012-06-22 18:37 - 2012-06-22 18:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-22 06:43 - 2012-06-22 06:43 - 00000000 ____D C:\Users\Wolf\AppData\Local\{77DABEC5-5C82-451E-9F08-AC88BC745E43}
2012-06-22 06:42 - 2012-06-22 06:43 - 00000000 ____D C:\Users\Wolf\AppData\Local\{3ED33445-25D4-4BB7-AA43-18DE6DA892B7}
2012-06-22 04:38 - 2012-06-22 05:04 - 00003003 ____A C:\formatter.log
2012-06-22 04:37 - 2012-06-22 04:37 - 00000000 ____D C:\Program Files (x86)\SDA
2012-06-22 04:36 - 2012-06-22 05:06 - 00000000 ____D C:\Users\Wolf\AppData\Local\Downloaded Installations
2012-06-21 22:49 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 22:49 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 22:49 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 22:48 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 22:48 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 22:48 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 22:48 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 22:48 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 22:48 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 18:42 - 2012-06-21 18:42 - 00000000 ____D C:\Users\Wolf\AppData\Local\{904B9BEC-36D2-42B7-ABD5-6D0BD92B144E}
2012-06-21 17:42 - 2012-06-21 17:48 - 56679244 ____A C:\Users\Wolf\Downloads\XXXX-PCPv2-U.rar
2012-06-21 17:42 - 2012-06-21 17:42 - 00000617 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
2012-06-21 17:42 - 2012-06-21 17:42 - 00000000 ____D C:\Users\Wolf\AppData\Local\TERA
2012-06-21 17:39 - 2012-06-21 17:41 - 90847904 ____A (En Masse Entertainment) C:\Users\Wolf\Downloads\TERA-Setup.exe
2012-06-21 16:58 - 2012-06-21 19:58 - 00000000 ____D C:\Users\Wolf\Desktop\New folder (2)
2012-06-21 16:57 - 2012-06-21 17:09 - 56701864 ____A C:\Users\Wolf\Downloads\6039 - Pokemon Conquest (U).rar
2012-06-21 16:57 - 2012-06-21 16:57 - 00060136 ____A C:\Users\Wolf\Downloads\PMQ_USA_AP-Patch2.rar
2012-06-21 16:46 - 2012-06-21 16:46 - 03095908 ____A C:\Users\Wolf\Downloads\AKAIO 1.8.9z.rar
2012-06-21 16:46 - 2012-06-21 16:46 - 00984640 ____A C:\Users\Wolf\Downloads\USRCheat_4-11-12.7z
2012-06-21 16:32 - 2012-06-21 16:34 - 57350521 ____A C:\Users\Wolf\Downloads\XXXX - Pokémon Conquest (USA) (PATCHEDv2).rar
2012-06-21 06:42 - 2012-06-21 06:42 - 00000000 ____D C:\Users\Wolf\AppData\Local\{8C33D810-B9B6-483E-B34E-118A76D469D3}
2012-06-21 06:41 - 2012-06-21 18:42 - 00000000 ____D C:\Users\Wolf\AppData\Local\{18F95A37-F8CE-4FEE-A2FC-B0335E1C4D06}
2012-06-21 05:44 - 2012-06-21 09:23 - 00000000 ____D C:\Users\Wolf\Downloads\The.Last.Remnant-RELOADED
2012-06-21 05:42 - 2012-06-21 05:44 - 73520661 ____A C:\Users\Wolf\Downloads\minecraft.rar
2012-06-21 05:20 - 2012-06-21 05:20 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-21 05:20 - 2012-06-21 05:20 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-21 05:20 - 2012-06-21 05:20 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-21 05:20 - 2012-06-21 05:20 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-21 05:20 - 2012-06-21 05:20 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-21 05:20 - 2012-06-21 05:20 - 00000000 ____D C:\Program Files\Java
2012-06-21 05:19 - 2012-06-21 05:19 - 21869488 ____A (Oracle Corporation) C:\Users\Wolf\Downloads\jre-7u5-windows-x64.exe
2012-06-21 05:17 - 2012-06-25 18:17 - 00001063 ____A C:\Users\Wolf\Desktop\Minecraft - Shortcut.lnk
2012-06-21 05:17 - 2012-06-21 05:17 - 00278561 ____A C:\Users\Wolf\Downloads\Minecraft.exe
2012-06-21 03:09 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-21 03:09 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-20 18:41 - 2012-06-20 18:41 - 00000000 ____D C:\Users\Wolf\AppData\Local\{B258CAE5-67E1-4958-BE42-32FEE0B205DD}
2012-06-20 17:56 - 2012-06-20 18:57 - 00004725 ____A C:\Users\Wolf\Desktop\New Text Document (3).txt
2012-06-20 13:24 - 2012-06-20 13:24 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-20 06:41 - 2012-06-20 06:41 - 00000000 ____D C:\Users\Wolf\AppData\Local\{F9259AB6-1DC3-4E8B-8AC8-9ACCA67DB57F}
2012-06-20 06:40 - 2012-06-20 18:41 - 00000000 ____D C:\Users\Wolf\AppData\Local\{DB8A37B4-6AE8-4614-9533-7AFD0F18838C}
2012-06-19 16:12 - 2012-06-19 16:12 - 00000000 ____D C:\Users\Wolf\AppData\Local\{967CB5D5-3013-4872-9DFA-B2CBDE65073B}
2012-06-19 07:16 - 2012-06-19 07:16 - 00000000 ____D C:\Users\Wolf\AppData\Roaming\Folding@home-x86
2012-06-19 07:16 - 2012-06-19 07:16 - 00000000 ____D C:\Program Files (x86)\Folding@home
2012-06-19 07:15 - 2012-06-19 07:15 - 02878976 ____A C:\Users\Wolf\Downloads\Folding@home-Win32-x86-systray-623.msi
2012-06-19 04:11 - 2012-06-19 16:12 - 00000000 ____D C:\Users\Wolf\AppData\Local\{E7495E72-311F-4F4E-9F23-312AE87026EA}
2012-06-19 04:11 - 2012-06-19 04:12 - 00000000 ____D C:\Users\Wolf\AppData\Local\{34B56388-6578-42AB-9D56-59148B615D56}
2012-06-18 06:54 - 2012-06-18 07:13 - 00006527 ____A C:\Users\Wolf\Desktop\New Text Document (2).txt
2012-06-18 06:49 - 2012-06-18 06:49 - 00000000 ____D C:\Users\Wolf\AppData\Local\{F7C8FF26-2A7C-44BA-A1BE-6E12077664B8}
2012-06-17 13:33 - 2012-06-17 13:34 - 00000000 ____D C:\Users\Wolf\Desktop\New folder
2012-06-17 06:09 - 2012-06-17 18:10 - 00000000 ____D C:\Users\Wolf\AppData\Local\{864C3DB0-747B-4FAB-9441-5A31AA087E0C}
 
============ 3 Months Modified Files ========================

2012-07-17 04:37 - 2012-02-01 14:03 - 01162618 ____A C:\Windows\WindowsUpdate.log
2012-07-17 04:37 - 2012-02-01 09:40 - 00422068 ____A C:\Windows\System32\perfh011.dat
2012-07-17 04:37 - 2012-02-01 09:40 - 00126022 ____A C:\Windows\System32\perfc011.dat
2012-07-17 04:37 - 2012-02-01 09:19 - 00425622 ____A C:\Windows\System32\perfh012.dat
2012-07-17 04:37 - 2012-02-01 09:19 - 00124184 ____A C:\Windows\System32\perfc012.dat
2012-07-17 04:37 - 2012-02-01 09:12 - 00744962 ____A C:\Windows\System32\perfh013.dat
2012-07-17 04:37 - 2012-02-01 09:12 - 00157512 ____A C:\Windows\System32\perfc013.dat
2012-07-17 04:37 - 2012-02-01 08:44 - 00698898 ____A C:\Windows\System32\perfh007.dat
2012-07-17 04:37 - 2012-02-01 08:44 - 00153222 ____A C:\Windows\System32\perfc007.dat
2012-07-17 04:37 - 2009-07-13 21:13 - 03640564 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-17 04:36 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-17 04:36 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-17 04:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 04:28 - 2009-07-13 20:51 - 00033874 ____A C:\Windows\setupact.log
2012-07-16 13:59 - 2012-02-01 06:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-16 08:48 - 2012-07-16 08:48 - 00607260 ____R (Swearware) C:\Users\Wolf\Downloads\dds.scr
2012-07-16 08:44 - 2012-07-16 08:44 - 00302592 ____A C:\Users\Wolf\Downloads\mhemx0td.exe
2012-07-16 08:21 - 2012-07-16 08:21 - 00302592 ____A C:\Users\Wolf\Downloads\04lxq7zo.exe
2012-07-16 08:19 - 2010-11-20 19:47 - 00429616 ____A C:\Windows\PFRO.log
2012-07-16 03:46 - 2012-07-16 03:43 - 00076525 ____A C:\Users\Wolf\Downloads\yorkyt.exe.log
2012-07-16 03:43 - 2012-07-16 03:43 - 01415784 ____A C:\Users\Wolf\Downloads\yorkyt.exe
2012-07-15 17:01 - 2012-05-25 07:57 - 03580904 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-15 04:45 - 2012-06-22 19:19 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 16:22 - 2012-05-28 12:56 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-14 16:22 - 2012-05-28 08:03 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-14 16:22 - 2012-05-28 08:03 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-14 16:14 - 2012-05-28 08:03 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-14 15:58 - 2012-05-28 10:11 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe
2012-07-14 15:27 - 2012-07-14 14:55 - 209000000 ____A C:\Users\Wolf\Downloads\Shuffle.part4.rar
2012-07-14 15:20 - 2012-07-14 15:20 - 00001037 ____A C:\Users\Wolf\Desktop\Dropbox.lnk
2012-07-14 15:06 - 2012-07-14 13:56 - 209000000 ____A C:\Users\Wolf\Downloads\Shuffle.part2.rar
2012-07-14 13:43 - 2012-07-14 13:42 - 17755632 ____A (Dropbox, Inc.) C:\Users\Wolf\Downloads\Dropbox 1.4.11.exe
2012-07-14 13:04 - 2012-07-14 13:03 - 00682220 ____A (BURIKO Co.,Ltd.) C:\Users\Wolf\Downloads\shuffle.exe
2012-07-14 12:51 - 2012-07-14 12:51 - 00000950 ____A C:\Users\Wolf\Desktop\WBFS Manager 3.0.lnk
2012-07-14 12:51 - 2012-07-14 12:50 - 02847970 ____A C:\Users\Wolf\Downloads\WBFSManager3.0.1-RTW-x64.zip
2012-07-14 12:49 - 2012-07-14 12:49 - 02623374 ____A C:\Users\Wolf\Downloads\WBFSManager3.0.1-RTW-x86.zip
2012-07-14 12:46 - 2012-02-01 05:40 - 00032320 ____A (FNet Co., Ltd.) C:\Windows\System32\Drivers\FNETTBOH_305.SYS
2012-07-14 11:09 - 2012-07-14 11:09 - 00000936 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2012-07-14 11:08 - 2012-07-14 11:07 - 21764672 ____A (ArenaNet) C:\Users\Wolf\Downloads\Gw2Setup.exe
2012-07-13 18:29 - 2012-07-13 18:29 - 00119771 ____A C:\Users\Wolf\Downloads\StreamPrivacy.zip
2012-07-13 12:19 - 2012-07-13 09:54 - 00000934 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-07-13 10:50 - 2012-07-13 09:52 - 68326616 ____A C:\Users\Wolf\Desktop\Foh Ricky.zip
2012-07-12 07:56 - 2012-07-12 07:54 - 176792672 ____A (NVIDIA Corporation) C:\Users\Wolf\Downloads\304.79-desktop-win8-win7-winvista-64bit-english-beta.exe
2012-07-12 07:50 - 2012-07-12 07:50 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-12 07:50 - 2012-07-12 07:50 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-12 04:59 - 2012-02-01 06:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 04:59 - 2012-02-01 06:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 01:20 - 2009-07-13 20:45 - 04904192 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 15:23 - 2012-02-01 06:15 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 10:26 - 2012-07-11 10:26 - 00291592 ____A C:\Windows\Minidump\071112-19032-01.dmp
2012-07-11 10:25 - 2012-07-11 10:25 - 628349831 ____A C:\Windows\MEMORY.DMP
2012-07-11 09:51 - 2012-07-11 09:49 - 142405482 ____A C:\Users\Wolf\Downloads\321324314uuu9.rar
2012-07-11 03:27 - 2012-07-11 03:05 - 135089012 ____A C:\Users\Wolf\Downloads\skyyupIIIII5(1).rar
2012-07-11 03:00 - 2012-07-11 02:27 - 58368000 ____A C:\Users\Wolf\Downloads\skyyupIIIII5.rar.part
2012-07-11 03:00 - 2012-07-11 02:27 - 00000210 ____A C:\Users\Wolf\Downloads\skyyupIIIII5.rar
2012-07-10 14:39 - 2012-07-10 14:39 - 00295316 ____A () C:\Users\Wolf\Downloads\Post_Process_Injector_2_1_Installer-131-2-1.exe
2012-07-10 14:32 - 2012-07-10 14:32 - 00383395 ____A C:\Users\Wolf\Downloads\Confidence-Man_ENB_v1_6_no_dll-5253-1-6.rar
2012-07-10 14:26 - 2012-07-10 14:26 - 03842975 ____A (Black Tree Gaming ) C:\Users\Wolf\Downloads\Nexus Mod Manager-0.18.9.exe
2012-07-10 14:18 - 2012-07-10 14:18 - 00325160 ____A C:\Users\Wolf\Downloads\skse_1_05_09.7z
2012-07-07 11:22 - 2012-07-07 11:22 - 13085120 ____A (Microsoft Corporation) C:\Users\Wolf\Downloads\Silverlight_x64.exe
2012-07-06 18:05 - 2012-07-06 18:05 - 00001306 ____A C:\Users\Public\Desktop\Magic The Gathering - Duels of the Planeswalkers.lnk
2012-07-06 09:52 - 2012-07-06 09:52 - 00002317 ____A C:\Users\Wolf\Documents\buh.xml
2012-07-06 09:38 - 2012-07-06 09:38 - 01504939 ____A (TheEnigmaBlade) C:\Users\Wolf\Downloads\Enigma_Item_Changer_2.2.1_installer.exe
2012-07-06 07:15 - 2012-07-06 07:15 - 00072712 ____A C:\Users\Wolf\Downloads\Tom.Clancys.Ghost.Recon.Future.Soldier-SKIDROW.torrent
2012-07-06 05:52 - 2012-07-06 05:52 - 00933256 ____A (DivX, LLC) C:\Users\Wolf\Downloads\DivXInstaller(1).exe
2012-07-03 10:47 - 2012-02-01 05:30 - 00278588 ____A C:\Windows\DirectX.log
2012-07-03 10:24 - 2012-07-03 10:24 - 00002028 ____A C:\Users\Public\Desktop\Smite Closed Beta.lnk
2012-07-03 10:23 - 2012-07-03 10:23 - 13845856 ____A (Hi-Rez Studios) C:\Users\Wolf\Downloads\InstallHiRezGamesEnglish.exe
2012-07-03 03:46 - 2012-06-22 19:19 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 09:06 - 2012-07-02 09:06 - 00842238 ____A C:\Users\Wolf\Downloads\v2_01_30_src.rar
2012-07-02 09:00 - 2012-07-02 09:00 - 00000977 ____A C:\Users\Wolf\Desktop\ShiftWindow.lnk
2012-07-02 09:00 - 2012-07-02 09:00 - 00000977 ____A C:\Users\UpdatusUser\Desktop\ShiftWindow.lnk
2012-07-02 08:59 - 2012-07-02 08:59 - 00513522 ____A (Grismar ) C:\Users\Wolf\Downloads\setup(1).exe
2012-07-01 01:52 - 2012-07-01 01:52 - 00001816 ____A C:\Users\Public\Desktop\Super Street Fighter IV Arcade Edition.lnk
2012-06-28 19:37 - 2012-07-12 07:57 - 26226536 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 19828072 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 18228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 13365608 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-06-28 19:37 - 2012-07-12 07:57 - 09164648 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 07699304 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 02744680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 02573160 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 02216296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 01865064 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 01472360 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 00828264 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-06-28 19:37 - 2012-07-12 07:57 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-06-28 19:37 - 2012-02-09 13:43 - 00969064 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-06-28 19:37 - 2012-02-09 13:43 - 00060776 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-06-28 19:37 - 2012-02-09 13:43 - 00052584 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-06-28 19:37 - 2012-02-01 05:32 - 15290216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-06-28 19:37 - 2012-02-01 05:32 - 14806376 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-06-28 19:37 - 2012-02-01 05:32 - 12388712 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-06-28 19:37 - 2012-02-01 05:32 - 02723688 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-06-28 19:37 - 2012-02-01 05:32 - 02422120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-06-28 19:37 - 2012-02-01 05:32 - 01758056 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-06-28 19:37 - 2012-02-01 05:32 - 00016048 ____A C:\Windows\System32\nvinfo.pb
2012-06-28 15:56 - 2012-02-01 07:40 - 02667062 ____A C:\Windows\System32\nvcoproc.bin
2012-06-28 15:55 - 2012-02-01 05:32 - 06193000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-06-28 15:55 - 2012-02-01 05:32 - 03266408 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-06-28 15:55 - 2012-02-01 05:32 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-06-28 15:55 - 2012-02-01 05:32 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-06-28 15:55 - 2012-02-01 05:32 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-06-28 11:27 - 2012-06-28 11:27 - 00999771 ____A C:\Users\Wolf\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2(1).jar
2012-06-28 11:24 - 2012-06-28 11:24 - 00449532 ____A C:\Users\Wolf\Downloads\skmclauncher-3.1.5-win.zip
2012-06-28 11:23 - 2012-06-28 11:23 - 00721312 ____A C:\Users\Wolf\Downloads\worldedit-5.3.zip
2012-06-28 07:44 - 2012-06-28 07:44 - 00428904 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-06-27 12:55 - 2012-06-27 12:54 - 00000028 ____A C:\Users\Wolf\Desktop\Leon.txt
2012-06-26 19:13 - 2012-02-01 05:33 - 00061376 ____A C:\Users\Wolf\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-26 16:40 - 2012-06-26 16:40 - 00999771 ____A C:\Users\Wolf\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar
2012-06-26 16:32 - 2011-07-27 13:57 - 01684977 ____A C:\Users\Wolf\Downloads\DokuCraft_2.5_Light.zip
2012-06-26 16:28 - 2012-06-26 16:28 - 01581077 ____A C:\Users\Wolf\Downloads\mcpatcher-2.3.7_02.exe
2012-06-26 16:27 - 2012-06-26 16:27 - 04389435 ____A C:\Users\Wolf\Downloads\DokuCraft_218326.zip
2012-06-26 16:24 - 2012-06-26 16:24 - 00278561 ____A C:\Users\Wolf\Downloads\Minecraft(1).exe
2012-06-26 15:49 - 2012-06-26 15:49 - 00000879 ____A C:\Users\Public\Desktop\Eien no Aselia - Kono Daichi no Hate de English.lnk
2012-06-26 09:35 - 2012-06-26 09:35 - 12691448 ____A C:\Users\Wolf\Downloads\EQ2_Streaming_setup.exe
2012-06-25 18:17 - 2012-06-21 05:17 - 00001063 ____A C:\Users\Wolf\Desktop\Minecraft - Shortcut.lnk
2012-06-25 15:57 - 2012-06-25 15:57 - 00008912 ____A C:\Users\Wolf\Downloads\Launcher.application
2012-06-24 19:17 - 2012-05-25 07:57 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-24 12:48 - 2012-06-24 12:47 - 63343378 ____A C:\Users\Wolf\Downloads\Japanese Voices v1.1.rar
2012-06-24 12:43 - 2012-06-24 12:41 - 97742831 ____A C:\Users\Wolf\Downloads\De-Censor Elin v1.4.rar
2012-06-24 09:47 - 2012-06-24 09:47 - 00893936 ____A (Oracle Corporation) C:\Users\Wolf\Downloads\jxpiinstall(2).exe
2012-06-24 09:44 - 2012-06-24 09:44 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-24 09:23 - 2012-06-24 09:22 - 00893936 ____A (Oracle Corporation) C:\Users\Wolf\Downloads\jxpiinstall(1).exe
2012-06-23 19:27 - 2012-06-23 19:27 - 02322184 ____A (ESET) C:\Users\Wolf\Downloads\esetsmartinstaller_enu.exe
2012-06-23 19:22 - 2012-06-23 19:22 - 00448512 ____A (OldTimer Tools) C:\Users\Wolf\Downloads\TFC(1).exe
2012-06-23 19:21 - 2012-06-23 19:21 - 00448512 ____A (OldTimer Tools) C:\Users\Wolf\Downloads\TFC.exe
2012-06-23 18:45 - 2012-06-23 18:45 - 00340631 ____A C:\Users\Wolf\Downloads\FSS.exe
2012-06-23 18:43 - 2012-06-23 18:43 - 00869194 ____A C:\Users\Wolf\Desktop\SecurityCheck.exe
2012-06-23 08:19 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-23 08:03 - 2012-06-23 08:03 - 04565820 ____R (Swearware) C:\Users\Wolf\Downloads\ComboFix.exe
2012-06-22 19:17 - 2012-06-22 19:17 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Wolf\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-22 05:04 - 2012-06-22 04:38 - 00003003 ____A C:\formatter.log
2012-06-21 17:48 - 2012-06-21 17:42 - 56679244 ____A C:\Users\Wolf\Downloads\XXXX-PCPv2-U.rar
2012-06-21 17:42 - 2012-06-21 17:42 - 00000617 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
2012-06-21 17:41 - 2012-06-21 17:39 - 90847904 ____A (En Masse Entertainment) C:\Users\Wolf\Downloads\TERA-Setup.exe
2012-06-21 17:09 - 2012-06-21 16:57 - 56701864 ____A C:\Users\Wolf\Downloads\6039 - Pokemon Conquest (U).rar
2012-06-21 16:57 - 2012-06-21 16:57 - 00060136 ____A C:\Users\Wolf\Downloads\PMQ_USA_AP-Patch2.rar
2012-06-21 16:46 - 2012-06-21 16:46 - 03095908 ____A C:\Users\Wolf\Downloads\AKAIO 1.8.9z.rar
2012-06-21 16:46 - 2012-06-21 16:46 - 00984640 ____A C:\Users\Wolf\Downloads\USRCheat_4-11-12.7z
2012-06-21 16:34 - 2012-06-21 16:32 - 57350521 ____A C:\Users\Wolf\Downloads\XXXX - Pokémon Conquest (USA) (PATCHEDv2).rar
2012-06-21 05:44 - 2012-06-21 05:42 - 73520661 ____A C:\Users\Wolf\Downloads\minecraft.rar
2012-06-21 05:20 - 2012-06-21 05:20 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-21 05:20 - 2012-06-21 05:20 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-21 05:20 - 2012-06-21 05:20 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-21 05:20 - 2012-06-21 05:20 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-21 05:20 - 2012-06-21 05:20 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-21 05:19 - 2012-06-21 05:19 - 21869488 ____A (Oracle Corporation) C:\Users\Wolf\Downloads\jre-7u5-windows-x64.exe
2012-06-21 05:17 - 2012-06-21 05:17 - 00278561 ____A C:\Users\Wolf\Downloads\Minecraft.exe
2012-06-20 18:57 - 2012-06-20 17:56 - 00004725 ____A C:\Users\Wolf\Desktop\New Text Document (3).txt
2012-06-19 07:15 - 2012-06-19 07:15 - 02878976 ____A C:\Users\Wolf\Downloads\Folding@home-Win32-x86-systray-623.msi
2012-06-18 07:13 - 2012-06-18 06:54 - 00006527 ____A C:\Users\Wolf\Desktop\New Text Document (2).txt
2012-06-15 17:04 - 2012-06-15 16:59 - 161912074 ____A C:\Users\Wolf\Downloads\[4ls]_katawa_shoujo_enigmatic_box_of_sound_[503ACD68].zip
2012-06-15 15:07 - 2012-06-15 15:07 - 00001905 ____A C:\Users\Public\Desktop\LOL Recorder.lnk
2012-06-15 15:06 - 2012-06-15 15:06 - 01501409 ____A C:\Users\Wolf\Downloads\LOLReplay-0.7.9.1.exe
2012-06-15 08:51 - 2012-06-15 08:51 - 00000797 ____A C:\Users\Wolf\Desktop\Katawa Shoujo.lnk
2012-06-14 13:42 - 2012-06-14 13:42 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2012-06-13 18:53 - 2012-06-12 18:11 - 00005761 ____A C:\Users\Wolf\Desktop\New Text Document.txt
2012-06-11 19:08 - 2012-07-11 15:27 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 18:18 - 2012-06-11 18:17 - 00000049 ____A C:\Users\Wolf\Desktop\Pinger.txt
2012-06-10 12:19 - 2012-06-10 12:19 - 01735565 ____A (Alexander Vigovsky ) C:\Users\Wolf\Downloads\ac3filter_2_4a_lite.exe
2012-06-10 11:20 - 2012-06-10 11:20 - 00933256 ____A (DivX, LLC) C:\Users\Wolf\Downloads\DivXInstaller.exe
2012-06-08 21:43 - 2012-07-11 07:02 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 07:02 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 06:23 - 2012-06-08 06:23 - 00000885 ____A C:\Users\UpdatusUser\Desktop\Play Star Wars Republic Commando.lnk
2012-06-06 16:05 - 2012-06-06 16:05 - 00000223 ____A C:\Windows\MugE.ini
2012-06-06 15:07 - 2012-06-06 15:07 - 00188960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wingde.dll
2012-06-06 15:02 - 2012-06-06 15:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wing32.dll
2012-06-06 15:02 - 2012-06-06 15:02 - 00006736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wingdib.drv
2012-06-06 15:02 - 2012-06-06 15:02 - 00005024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wingpal.wnd
2012-06-06 15:01 - 2012-06-06 15:01 - 00092208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wing.dll
2012-06-05 22:06 - 2012-07-11 07:02 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 07:02 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 07:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 07:02 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 07:02 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 07:02 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 15:11 - 2012-06-02 15:11 - 00001234 ____A C:\Users\Wolf\Desktop\Vindictus - Shortcut.lnk
2012-06-02 14:52 - 2012-06-02 14:49 - 130416408 ____A C:\Users\Wolf\Downloads\bmw_perfect_v97.rar
2012-06-02 14:19 - 2012-06-21 22:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 22:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 22:48 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 22:48 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 22:48 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 22:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 22:48 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:46 - 2012-06-02 13:46 - 00536576 ____A (Nexon) C:\Users\Wolf\Downloads\Vindictus_Downloader.exe
2012-06-02 13:46 - 2012-06-02 13:46 - 00446464 ____A (NEXON Inc.) C:\Windows\NEXON_EU_DownloaderUpdater.exe
2012-06-02 13:46 - 2012-06-02 13:46 - 00000235 ____A C:\Windows\SysWOW64\nxEuUninstall.bat
2012-06-02 13:35 - 2012-06-02 13:35 - 03655576 ____A (Nexon) C:\Users\Wolf\Downloads\Setup.exe
2012-06-02 08:21 - 2012-06-02 08:21 - 00621160 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Wolf\Downloads\driveragent_987.exe
2012-06-02 08:21 - 2012-06-02 08:21 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-06-02 07:08 - 2012-06-02 07:08 - 02013336 ____A C:\Users\Wolf\Downloads\MapleStoryDownloader.exe
2012-06-02 06:27 - 2012-06-02 06:08 - 113899850 ____A C:\Users\Wolf\Downloads\Bf3-mpcr.rar
2012-06-02 05:19 - 2012-06-21 22:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-21 22:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 15:22 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 15:22 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 15:23 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 15:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 15:23 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 15:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 15:23 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 15:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 15:23 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 15:23 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 15:23 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 15:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 15:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 15:23 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 15:23 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 15:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 15:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 15:23 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 15:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 15:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 15:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 15:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 15:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 15:23 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 15:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 15:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 15:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 15:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 07:02 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 07:02 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 07:02 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 07:02 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 07:02 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 07:02 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 07:02 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 07:02 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 07:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 08:24 - 2012-06-01 08:24 - 04171406 ____A C:\Users\Wolf\Downloads\XMouseButtonControlSetup.2.4.exe
2012-05-31 15:14 - 2012-05-31 15:14 - 00000092 ____A C:\Users\Wolf\AppData\Local\fusioncache.dat
2012-05-31 14:22 - 2012-05-31 14:19 - 168454136 ____A (NVIDIA Corporation) C:\Users\Wolf\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-31 14:17 - 2012-05-31 14:17 - 00892360 ____A (Oracle Corporation) C:\Users\Wolf\Downloads\jxpiinstall.exe
2012-05-31 09:18 - 2012-05-31 09:18 - 00001298 ____A C:\Users\Public\Desktop\Crysis.lnk
2012-05-31 05:37 - 2012-05-31 05:37 - 21503784 ____A (Macrovision Corporation) C:\Users\Wolf\Downloads\HWSE_SE_v3.2.2.1.exe
2012-05-31 05:36 - 2012-05-31 05:36 - 13387288 ____A (Macrovision Corporation) C:\Users\Wolf\Downloads\HCLINK_v3.2.2.1(2).exe
2012-05-31 05:29 - 2012-05-31 05:29 - 62444312 ____A (Macrovision Corporation) C:\Users\Wolf\Downloads\HCLINK_v2.9.0.0.exe
2012-05-31 05:28 - 2012-05-31 05:28 - 13387288 ____A (Macrovision Corporation) C:\Users\Wolf\Downloads\HCLINK_v3.2.2.1(1).exe
2012-05-31 05:06 - 2012-05-31 05:05 - 13387288 ____A (Macrovision Corporation) C:\Users\Wolf\Downloads\HCLINK_v3.2.2.1.exe
2012-05-30 04:28 - 2012-05-30 04:28 - 00001802 ____A C:\Users\Public\Desktop\Dragon Saga.lnk
2012-05-30 03:48 - 2012-05-30 03:48 - 00330120 ____A (Gravity Interactive, Inc.) C:\Users\Wolf\Downloads\DragonSaga-Installer-0.2.5-20120330.exe
2012-05-29 06:49 - 2012-05-29 06:49 - 00001989 ____A C:\Users\Public\Desktop\PCSX2 0.9.8 (r4600).lnk
2012-05-29 06:48 - 2012-05-29 06:48 - 12780479 ____A C:\Users\Wolf\Downloads\pcsx2-0.9.8-r4600-setup.exe
2012-05-29 06:48 - 2012-05-29 06:48 - 04353259 ____A (Igor Pavlov) C:\Users\Wolf\Downloads\dolphin-3.0-win64.exe
2012-05-29 05:41 - 2012-05-29 05:41 - 00002105 ____A C:\Users\Public\Desktop\A.V.A.lnk
2012-05-28 14:48 - 2012-05-28 14:48 - 00002560 ____A C:\Users\Wolf\Documents\Register Vegas Pro.htm
2012-05-28 14:44 - 2012-05-28 14:44 - 00001908 ____A C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
2012-05-28 14:38 - 2012-05-28 14:38 - 00000562 ____A C:\Users\Wolf\Desktop\Fraps.lnk
2012-05-28 12:53 - 2012-05-28 12:53 - 00001907 ____A C:\Users\Public\Desktop\ijji REACTOR.lnk
2012-05-28 12:52 - 2012-05-28 12:52 - 07822632 ____A (Macrovision Corporation) C:\Users\Wolf\Downloads\IJJI_REACTOR_INST_EN.exe
2012-05-28 11:12 - 2012-05-28 07:34 - 198654664 ____A C:\Users\Wolf\Downloads\U_AVA_SETUP_Jan2012.zip
2012-05-28 09:12 - 2012-05-28 09:12 - 00000796 ____A C:\Users\Public\Desktop\Dragon Nest.lnk
2012-05-28 08:40 - 2012-05-28 07:28 - 2536606647 ____A (Shanda Games International) C:\Users\Wolf\Downloads\DNClientVer60_20120423.exe
2012-05-28 07:19 - 2012-05-28 07:18 - 02072456 ____A C:\Users\Wolf\Downloads\BlacklightRetribution_Downloader_EN.exe
2012-05-28 03:14 - 2012-05-28 03:14 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-28 03:14 - 2012-05-28 03:14 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-28 03:14 - 2012-05-28 03:14 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-28 03:14 - 2012-05-28 03:14 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-28 03:14 - 2012-05-28 03:14 - 00000725 ____A C:\Users\Wolf\Desktop\Dustforce.lnk
2012-05-27 13:17 - 2012-05-27 12:51 - 00021225 ____A C:\Users\Wolf\Documents\Install Dragon Age Origins.log
2012-05-27 13:05 - 2012-05-27 13:05 - 00000754 ____A C:\Users\Public\Desktop\Dragon Age Origins.lnk
2012-05-27 09:36 - 2012-05-27 09:36 - 00001147 ____A C:\Users\Public\Desktop\Bamboo Dock.lnk
2012-05-27 09:36 - 2012-05-26 06:12 - 00000002 ____A C:\Users\Wolf\.bdockinstall.log
2012-05-27 09:33 - 2012-05-27 09:33 - 07434944 ____A C:\Users\Wolf\Downloads\bamboo_setup_web0407final(2).exe
2012-05-27 09:15 - 2012-05-27 09:15 - 07434944 ____A C:\Users\Wolf\Downloads\bamboo_setup_web0407final(1).exe
2012-05-27 03:22 - 2012-05-27 03:22 - 00001003 ____A C:\Users\Public\Desktop\Street Fighter X Tekken.lnk
2012-05-27 02:57 - 2012-05-27 02:57 - 00001095 ____A C:\Users\Public\Desktop\Sniper Elite V2.lnk
2012-05-27 02:46 - 2012-05-27 02:44 - 00000422 ____A C:\Windows\{27018D57-D152-44EF-BCE0-5E3B3445EABE}_WiseFW.ini
2012-05-27 02:32 - 2012-05-27 02:32 - 00000984 ____A C:\Users\Public\Desktop\Blades of Time.lnk
2012-05-26 18:17 - 2012-05-26 18:17 - 00000999 ____A C:\Users\Public\Desktop\Magicka.lnk
2012-05-26 13:37 - 2012-05-26 13:37 - 24220864 ____A (SplitMediaLabs) C:\Users\Wolf\Downloads\xsplit_installer_v1.0.1204.1301.exe
2012-05-26 13:07 - 2012-05-26 13:07 - 00000857 ____A C:\Users\Wolf\Desktop\League of Legends.lnk
2012-05-26 11:20 - 2012-05-26 11:20 - 00001727 ____A C:\Users\Wolf\Desktop\Photoshop - Shortcut.lnk
2012-05-26 08:17 - 2012-05-26 07:47 - 2119376047 ____A C:\Users\Wolf\Downloads\PSE9.zip
2012-05-26 07:43 - 2012-05-26 07:34 - 544160151 ____A C:\Users\Wolf\Downloads\PSE9.zip.part
2012-05-26 07:36 - 2012-05-26 07:34 - 72725528 ____A (Ambient Design) C:\Users\Wolf\Downloads\install_artrage_studiopro.exe
2012-05-26 07:35 - 2012-05-26 07:34 - 07434944 ____A C:\Users\Wolf\Downloads\bamboo_setup_web0407final.exe
2012-05-26 07:17 - 2012-05-26 07:17 - 00001181 ____A C:\Users\Public\Desktop\openCanvas5e.lnk
2012-05-26 07:13 - 2012-05-26 07:13 - 02330770 ____A (portalgraphics.net ) C:\Users\Wolf\Downloads\setup_oC51_04e.exe
2012-05-26 07:10 - 2012-05-26 07:10 - 02271209 ____A (portalgraphics.net ) C:\Users\Wolf\Downloads\setup_oC51_04.exe
2012-05-26 06:25 - 2012-05-26 06:25 - 00002156 ____A C:\Users\Public\Desktop\Autodesk SketchBookPro 2011.lnk
2012-05-26 06:24 - 2012-05-26 06:24 - 00001152 ____A C:\Users\Wolf\Desktop\Play IW4M (Modern Warfare 2).lnk
2012-05-26 06:23 - 2012-05-26 06:23 - 00001013 ____A C:\Users\Public\Desktop\Worms Ultimate Mayhem.lnk
2012-05-26 01:58 - 2012-05-26 01:58 - 00001185 ____A C:\Users\Wolf\Desktop\Dead Island.lnk
2012-05-26 00:15 - 2012-05-26 00:15 - 00001083 ____A C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
2012-05-25 14:31 - 2012-05-25 14:31 - 00000786 ____A C:\Users\Public\Desktop\Sonic Generations.lnk
2012-05-25 11:44 - 2012-05-25 11:44 - 00156672 ____A (Microsoft) C:\Users\Wolf\Downloads\InstallIW4M.exe
2012-05-25 11:29 - 2012-05-25 11:29 - 15556319 ____A C:\Users\Wolf\Downloads\4D1 Patcher(r88).zip
2012-05-25 11:26 - 2012-05-25 11:26 - 07731209 ____A C:\Users\Wolf\Downloads\alterRevolution Client.rar
2012-05-25 11:26 - 2012-05-25 11:26 - 02246711 ____A C:\Users\Wolf\Downloads\alterRevolution Dedicated 0.3c.rar
2012-05-25 10:12 - 2012-05-25 10:12 - 00001309 ____A C:\Users\Wolf\Desktop\Devil May Cry 4.lnk
2012-05-25 07:49 - 2012-05-25 07:48 - 12621696 ____A (Microsoft Corporation) C:\Users\Wolf\Downloads\mseinstall.exe
2012-05-25 07:48 - 2012-05-25 07:48 - 00523840 ____A (Microsoft Corporation) C:\Users\Wolf\Downloads\mseinstall.exe.part
2012-05-25 03:59 - 2012-05-25 03:59 - 00002213 ____A C:\Users\Public\Desktop\AION Free-To-Play.lnk
2012-05-25 03:44 - 2012-05-25 03:39 - 145138568 ____A (Gameforge) C:\Users\Wolf\Downloads\setup_20120224.exe
2012-05-25 03:30 - 2012-05-25 03:30 - 01639789 ____A C:\Users\Wolf\Downloads\winrar-x64-411.exe
2012-05-25 03:29 - 2012-05-25 03:29 - 01506653 ____A C:\Users\Wolf\Downloads\wrar411.exe
2012-05-25 02:43 - 2012-05-25 02:43 - 01376768 ____A C:\Users\Wolf\Downloads\7z920-x64.msi
2012-05-22 03:32 - 2012-06-26 16:36 - 08386590 ____A C:\Users\Wolf\Downloads\Soartex Fanver.zip
2012-05-21 05:10 - 2012-07-12 07:57 - 00188776 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-05-21 05:10 - 2012-07-12 07:57 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-05-20 23:34 - 2012-05-31 14:23 - 01468264 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-05-19 23:49 - 2012-05-19 23:49 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
2012-05-19 23:49 - 2012-05-19 23:49 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
2012-05-15 02:48 - 2012-05-31 14:23 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-05-31 14:23 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-02-01 05:32 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-04 09:29 - 2012-07-12 07:50 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 09:29 - 2012-05-31 14:18 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 09:29 - 2012-05-31 14:18 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 03:06 - 2012-06-14 02:34 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-21 03:09 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-14 02:34 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 02:34 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-21 03:09 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-30 21:40 - 2012-06-14 02:34 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 21:32 - 2012-06-14 02:34 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-14 02:34 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-14 02:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 02:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 02:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-14 02:33 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 02:33 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 02:33 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 02:33 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 02:33 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 02:33 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\@
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\L
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\L\00000004.@
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\L\1afb2d56
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\L\201d3dde
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\00000004.@
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\00000008.@
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\000000cb.@
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000000.@
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000032.@
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8171 MB
Available physical RAM: 7309.73 MB
Total Pagefile: 8169.2 MB
Available Pagefile: 7307.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:468.26 GB) (Free:264.09 GB) NTFS
2 Drive e: (Games) (Fixed) (Total:463.16 GB) (Free:82.87 GB) NTFS
3 Drive f: (GSP1RMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:3.73 GB) (Free:3.06 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 3823 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 468 GB 101 MB
Partition 3 Primary 463 GB 468 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 468 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Games NTFS Partition 463 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3821 MB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NTFS Removable 3821 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 08:36

======================= End Of Log ==========================
 
FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-18 01:23:39 Run:2
Running from H:\

==============================================

C:\Windows\Installer\{52665dca-b9ce-8bb0-6373-a2219d8ad522} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====
 
Hi again. Please download and run this tool next:

ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
I had to run ComboFix with my Anti Virus running, I was not able to disable it, since it's.. blocked somehow. So I figured it wouldn't even be able to interfere.

ComboFix 12-07-18.04 - Wolf 8/2012 Wed 20:45:22.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8172.5023 [GMT 2:00]
Running from: c:\users\Wolf\Downloads\svchost.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 18:52 . 2012-07-18 18:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-18 18:52 . 2012-07-18 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 00:59 . 2012-07-16 00:59 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-15 12:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3526E98-F6D3-466B-BB77-7113A71B25FB}\mpengine.dll
2012-07-15 00:13 . 2012-07-15 00:13 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-14 23:20 . 2012-07-18 13:14 -------- d-----r- c:\users\Wolf\Dropbox
2012-07-14 21:43 . 2012-07-18 13:14 -------- d-----w- c:\users\Wolf\AppData\Roaming\Dropbox
2012-07-14 20:52 . 2012-07-14 20:52 -------- d-----w- c:\users\Wolf\AppData\Local\WBFSManager
2012-07-14 20:51 . 2012-07-14 20:51 -------- d-----w- c:\program files\WBFS
2012-07-14 19:09 . 2012-07-14 19:09 -------- d-----w- c:\program files (x86)\Guild Wars 2
2012-07-14 02:31 . 2012-07-14 02:31 -------- d-----w- c:\users\Wolf\AppData\Local\StreamPrivacy
2012-07-13 17:54 . 2012-07-13 17:54 -------- d-----w- c:\program files\Nexus Mod Manager
2012-07-13 15:28 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 15:50 . 2012-07-12 15:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-11 23:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 23:22 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 23:22 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-10 22:26 . 2012-07-13 17:56 -------- d-----w- c:\users\Wolf\AppData\Local\Black_Tree_Gaming
2012-07-10 06:35 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-07 19:22 . 2012-07-07 19:22 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-07 19:22 . 2012-07-07 19:22 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-07 15:59 . 2012-07-12 19:12 -------- d-----w- c:\users\Wolf\riotsGamesLogs
2012-07-04 13:09 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 13:09 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45A86A15-33D1-43ED-9819-6AC133713525}\gapaengine.dll
2012-07-03 18:56 . 2012-07-03 18:56 -------- d-----w- c:\users\Wolf\AppData\Local\Chromium
2012-07-03 18:24 . 2012-07-03 18:56 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-07-03 18:24 . 2012-07-03 18:25 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-07-02 17:00 . 2012-07-02 17:00 -------- d-----w- c:\program files (x86)\ShiftWindow
2012-06-28 15:44 . 2012-06-28 15:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-06-27 14:29 . 2012-06-27 14:48 -------- d-----w- c:\users\Wolf\AppData\Local\Turbine
2012-06-27 00:25 . 2012-06-28 19:25 -------- d-----w- c:\users\Wolf\AppData\Roaming\.minecraft
2012-06-26 02:25 . 2012-06-26 02:25 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-06-25 23:57 . 2012-06-26 16:44 -------- d-----w- c:\users\Wolf\AppData\Local\Deployment
2012-06-25 23:57 . 2012-06-25 23:57 -------- d-----w- c:\users\Wolf\AppData\Local\Apps
2012-06-25 14:48 . 2012-06-25 14:48 -------- d-----w- c:\users\Wolf\AppData\Roaming\LolClient
2012-06-25 03:14 . 2012-06-25 03:14 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 03:14 . 2012-06-25 03:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-24 19:08 . 2012-06-24 19:08 -------- d-----w- c:\program files (x86)\Oracle
2012-06-24 03:27 . 2012-06-24 03:27 -------- d-----w- c:\program files (x86)\ESET
2012-06-23 22:38 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20566059-211C-4448-9330-F71ECFBAE5C7}\mpengine.dll
2012-06-23 03:55 . 2012-06-23 14:25 -------- d-----w- C:\FRST
2012-06-23 03:19 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 02:37 . 2012-06-23 02:37 -------- d-----w- c:\users\Wolf\AppData\Roaming\Malwarebytes
2012-06-23 02:37 . 2012-06-23 02:37 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 02:37 . 2012-07-15 13:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-22 12:37 . 2012-06-22 12:37 -------- d-----w- c:\program files (x86)\SDA
2012-06-22 12:36 . 2012-06-22 13:06 -------- d-----w- c:\users\Wolf\AppData\Local\Downloaded Installations
2012-06-22 06:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 06:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 06:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 06:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 06:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 06:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 06:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 06:48 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 06:48 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 01:42 . 2012-06-22 01:42 -------- d-----w- c:\users\Wolf\AppData\Local\TERA
2012-06-21 13:20 . 2012-06-21 13:20 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-21 13:20 . 2012-06-21 13:20 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-21 13:20 . 2012-06-21 13:20 268720 ----a-w- c:\windows\system32\javaws.exe
2012-06-21 13:20 . 2012-06-21 13:20 189360 ----a-w- c:\windows\system32\javaw.exe
2012-06-21 13:20 . 2012-06-21 13:20 188840 ----a-w- c:\windows\system32\java.exe
2012-06-21 13:20 . 2012-06-21 13:20 -------- d-----w- c:\program files\Java
2012-06-21 11:09 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 11:09 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-20 21:24 . 2012-06-20 21:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 15:16 . 2012-06-19 15:16 -------- d-----w- c:\users\Wolf\AppData\Roaming\Folding@home-x86
2012-06-19 15:16 . 2012-06-19 15:16 -------- d-----w- c:\program files (x86)\Folding@home
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 00:22 . 2012-05-28 16:03 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-15 00:22 . 2012-05-28 20:56 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-15 00:22 . 2012-05-28 16:03 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-15 00:14 . 2012-05-28 16:03 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-14 23:58 . 2012-05-28 18:11 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-14 20:46 . 2012-02-01 13:40 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-07-12 12:59 . 2012-02-01 14:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 12:59 . 2012-02-01 14:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 23:23 . 2012-02-01 14:15 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 03:37 . 2012-02-09 21:43 969064 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-06-29 03:37 . 2012-02-09 21:43 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-29 03:37 . 2012-02-09 21:43 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-29 03:37 . 2012-02-01 13:32 2723688 ----a-w- c:\windows\system32\nvapi64.dll
2012-06-29 03:37 . 2012-02-01 13:32 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-06-29 03:37 . 2012-02-01 13:32 1758056 ----a-w- c:\windows\system32\nvdispco64.dll
2012-06-29 03:37 . 2012-02-01 13:32 15290216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-06-29 03:37 . 2012-02-01 13:32 14806376 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-06-29 03:37 . 2012-02-01 13:32 12388712 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-06-28 23:56 . 2012-02-01 15:40 2667062 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-28 23:55 . 2012-02-01 13:32 3266408 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-28 23:55 . 2012-02-01 13:32 6193000 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-28 23:55 . 2012-02-01 13:32 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-28 23:55 . 2012-02-01 13:32 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-28 23:55 . 2012-02-01 13:32 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-06-14 21:42 . 2012-06-14 21:42 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-06-06 23:07 . 2012-06-06 23:07 188960 ----a-w- c:\windows\SysWow64\wingde.dll
2012-06-06 23:02 . 2012-06-12 17:13 12800 ----a-w- c:\windows\system\wing32.dll
2012-06-06 23:02 . 2012-06-06 23:02 12800 ----a-w- c:\windows\SysWow64\wing32.dll
2012-06-06 23:02 . 2012-06-06 23:02 6736 ----a-w- c:\windows\SysWow64\wingdib.drv
2012-06-06 23:02 . 2012-06-06 23:02 5024 ----a-w- c:\windows\SysWow64\wingpal.wnd
2012-06-06 23:01 . 2012-06-12 17:13 92208 ----a-w- c:\windows\system\wing.dll
2012-06-06 23:01 . 2012-06-06 23:01 92208 ----a-w- c:\windows\SysWow64\wing.dll
2012-06-02 21:46 . 2012-06-02 21:46 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-06-02 21:46 . 2012-06-02 21:46 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2012-06-02 16:21 . 2012-06-02 16:21 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-05-28 11:14 . 2012-05-28 11:14 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-28 11:14 . 2012-05-28 11:14 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-28 11:14 . 2012-05-28 11:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-28 11:14 . 2012-05-28 11:14 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-21 07:34 . 2012-05-31 22:23 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-05-20 07:49 . 2012-05-20 07:49 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-20 07:49 . 2012-05-20 07:49 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-15 10:48 . 2012-05-31 22:23 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-31 22:23 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-02-01 13:32 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-04 17:29 . 2012-05-31 22:18 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-04 17:29 . 2012-05-31 22:18 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-14 10:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 10:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 10:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 10:34 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-14 10:34 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-14 10:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 10:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 10:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 10:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 10:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 10:33 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 10:33 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 10:33 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 10:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 10:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-01 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-06-02 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2012-02-01 4878912]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2011-09-28 1039872]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-6-12 512000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;w:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-06-02 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-26 1038088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-01 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-01 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-02-01 15936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-28 382312]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-03-04 87040]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-07-14 32320]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-01 12:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\sp5n7cz4.default\
FF - prefs.js: network.proxy.ftp - 216.77.188.96
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 216.77.188.96
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 216.77.188.96
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 216.77.188.96
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
AddRemove-BattlEye A2 Free - c:\program files (x86)\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3201196492-3593950166-1926669991-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3201196492-3593950166-1926669991-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-07-18 20:59:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 18:59
.
Pre-Run: 276,614,406,144 bytes free
Post-Run: 276,900,024,320 bytes free
.
- - End Of File - - A7E6ABC6AD8954167C5201151C777613
 
Hi again!

Do these proxies look familiar?

FF - prefs.js: network.proxy.ftp - 216.77.188.96
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 216.77.188.96
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 216.77.188.96
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 216.77.188.96
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1

NEXT FIXES

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

4. Post the following in your next reply:
  • MBAM log
  • ESET log
And, please tell me how your computer is doing.
 
Yes, I use that proxy to use Pandora, an online radio station. :)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolf :: WOLF-PC [administrator]

7/18/2012 11:29:10 PM
mbam-log-2012-07-18 (23-29-10).txt

Scan type: Full scan (C:\|W:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 592250
Time elapsed: 1 hour(s), 57 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Wolf\Downloads\svchost.exe.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a4d21fc1f23bcd4bb56e7fade96924e6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-24 06:03:35
# local_time=2012-06-24 08:03:35 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 467 92138416 0 0
# compatibility_mode=8192 67108863 100 0 89 89 0 0
# scanned=361330
# found=7
# cleaned=7
# scan_time=9249
C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\00000001.@ Win64/Sirefef.AI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
W:\Program Files (x86)\Rockstar Games\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
W:\Program Files (x86)\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a4d21fc1f23bcd4bb56e7fade96924e6
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-18 11:32:16
# local_time=2012-07-19 01:32:16 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2109217 94284186 0 0
# compatibility_mode=8192 67108863 100 0 2145859 2145859 0 0
# scanned=7
# found=0
# cleaned=0
# scan_time=80
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a4d21fc1f23bcd4bb56e7fade96924e6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 03:23:32
# local_time=2012-07-19 05:23:32 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2117021 94291990 0 0
# compatibility_mode=8192 67108863 100 0 2153663 2153663 0 0
# scanned=397430
# found=3
# cleaned=3
# scan_time=6072
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
W:\Program Files (x86)\Wizards of the Coast LLC\Magic The Gathering - Duels of the Planeswalkers\Steamclient.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
 
Please download CKScanner by askey127 from here

Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\dcgame\cookedpc\dcfxgroups\power\electric\dcfxpowele_thundercrack_imp.upk
scanner sequence 3.NA.11.QCLBBV
----- EOF -----
 
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
W:\Program Files (x86)\Rockstar Games\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
W:\Program Files (x86)\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

These are detected as cracks.

☞Cracks/Keygens☜

Your log reveals you have cracks/keygens on your computer.

I have been questioned many times on why these things are bad. I will tell you that they are one of the top distributors of malware, and are rarely safe.

The most popular cracks or keygens I see are for Adobe CS3/CS4/CS5, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware." Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Hm.. Interesting.
I do have another issue. I don't know if it's relevant or not, but my antivirus doesn't work.
And I'm afraid to reinstall it, because the last time I tried that it activated a Sirefef virus, and my computer would restart every minute.

This is the error message it gives me: "Security Essentials isn't monitoring your pc because the program's service stopped. You should restart it now." And when I press the "Start now" button it gives me another message saying: "Couldn't start the Security Essentials service. The specified service does not exist as an installed service. Click help for more information about this problem." (error code 0x80070424).

I am using Microsoft Security Essentials.
 
It probably would be in your best interest to reinstall it.

As long as you are downloading it from Microsoft.com, then it shall be safe.

Otherwise, you can use other free antivirus programs. Your choice. Let me know, please.
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
Not sure.. but this might be the same log as the previous time we did this.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a4d21fc1f23bcd4bb56e7fade96924e6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-24 06:03:35
# local_time=2012-06-24 08:03:35 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 467 92138416 0 0
# compatibility_mode=8192 67108863 100 0 89 89 0 0
# scanned=361330
# found=7
# cleaned=7
# scan_time=9249
C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\00000001.@ Win64/Sirefef.AI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
W:\Program Files (x86)\Rockstar Games\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
W:\Program Files (x86)\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a4d21fc1f23bcd4bb56e7fade96924e6
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-18 11:32:16
# local_time=2012-07-19 01:32:16 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2109217 94284186 0 0
# compatibility_mode=8192 67108863 100 0 2145859 2145859 0 0
# scanned=7
# found=0
# cleaned=0
# scan_time=80
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a4d21fc1f23bcd4bb56e7fade96924e6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 03:23:32
# local_time=2012-07-19 05:23:32 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2117021 94291990 0 0
# compatibility_mode=8192 67108863 100 0 2153663 2153663 0 0
# scanned=397430
# found=3
# cleaned=3
# scan_time=6072
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\{52665dca-b9ce-8bb0-6373-a2219d8ad522}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
W:\Program Files (x86)\Wizards of the Coast LLC\Magic The Gathering - Duels of the Planeswalkers\Steamclient.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a4d21fc1f23bcd4bb56e7fade96924e6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-25 10:05:19
# local_time=2012-07-26 12:05:19 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2696999 94871968 0 0
# compatibility_mode=8192 67108863 100 0 2733641 2733641 0 0
# scanned=453420
# found=0
# cleaned=0
# scan_time=11800
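
The pasted log.txt holds several scan runs appended one after another, which is why an older run sits at the top of the paste. The following is an added example, not part of the original thread and not ESET's own tooling: it splits such a log into runs and picks the latest finished one. The sample log is constructed, and the detection-line pattern is an assumption inferred from the lines posted above.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the log.txt pasted in this thread:
# three runs appended to one file. Paths and detection names are placeholders.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# utc_time=2012-06-24 06:03:35
# found=2
# cleaned=2
C:\Example\Quarantine\a.bin Win64/Example.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Example\b.dll a variant of Win32/Example.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# utc_time=2012-07-18 11:32:16
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# utc_time=2012-07-25 10:05:19
# found=0
# cleaned=0
"""

# Assumed detection-line layout, inferred from the lines in this thread:
# <path> <name ending in a category word> (<action>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:a variant of )?Win(?:32|64)/\S+ \w+) "
    r"\((?P<action>[^()]*)\) (?P<hash>[0-9a-fA-F]{32}) \S$"
)
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_runs(text):
    """Split an appended log into runs; a run starts at its '# version=' line."""
    runs, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("# version="):
            current = {"meta": {}, "detections": []}
            runs.append(current)
        if current is None or not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            current["meta"].setdefault(key, value)  # repeated keys: keep first
        else:
            match = DETECTION.match(line)
            if match:
                current["detections"].append(match.groupdict())
    return runs


def latest_finished_run(runs):
    """Return the most recent run that completed, judged by utc_time."""
    done = [r for r in runs if r["meta"].get("end") == "finished"]
    return max(done, default=None,
               key=lambda r: datetime.strptime(r["meta"]["utc_time"], TIME_FORMAT))


def counts_match(run):
    """True when the parsed detection lines agree with the run's found= count."""
    return int(run["meta"].get("found", 0)) == len(run["detections"])


if __name__ == "__main__":
    run = latest_finished_run(parse_runs(SAMPLE_LOG))
    print(run["meta"]["utc_time"], "found:", run["meta"]["found"])
```

A run where `counts_match` is false means a detection line did not fit the assumed pattern and should be read by hand.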
 