Inactive [A] Win64/Sirefef.AE & AI and Patched.B.Gen trojans, etc

[hahaer]

Depressing.

Here's my MBAM log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
hahaer :: HAHAER-PC [administrator]

Protection: Enabled

6/26/2012 1:55:13 PM
mbam-log-2012-06-26 (13-55-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206488
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

 

[hahaer]

GMER produced no log.

The DDS.txt is as follows:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by hahaer at 14:29:10 on 2012-06-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.2132 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\Explorer.EXE
C:\Users\hahaer\AppData\Roaming\Mozilla\Firefox\Profiles\pjy1v7h8.default\extensions\startup.service@mozilla.com\svc.exe
C:\Windows\SysWOW64\MlCyMonS.exe
C:\Program Files (x86)\MUSILAND\Monitor Series(USB)\MlCyMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SecureW2\sw2_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Users\hahaer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
uRun: [Google Update] "C:\Users\hahaer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\hahaer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\Users\hahaer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\hahaer\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\hahaer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\Users\hahaer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\hahaer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 8.8.4.4 8.8.8.8 24.28.193.97
TCP: Interfaces\{30A4754F-D528-4B8F-854A-FEB6A103692E} : DhcpNameServer = 8.8.4.4 8.8.8.8 24.28.193.97
TCP: Interfaces\{30A4754F-D528-4B8F-854A-FEB6A103692E}\2375942554939353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30A4754F-D528-4B8F-854A-FEB6A103692E}\84F6D656 : DhcpNameServer = 192.168.1.1 209.18.47.61
TCP: Interfaces\{30A4754F-D528-4B8F-854A-FEB6A103692E}\D6F62696C656E65647 : DhcpNameServer = 138.23.146.213 138.23.201.101
TCP: Interfaces\{DD833444-A3DE-408E-8AAC-381F30CB4A81} : DhcpNameServer = 138.23.146.213 138.23.201.101
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [(Default)]
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hahaer\AppData\Roaming\Mozilla\Firefox\Profiles\pjy1v7h8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 148.222.11.80
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 148.222.11.80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 148.222.11.80
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 148.222.11.80
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\hahaer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\hahaer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\hahaer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
.
=============== Created Last 30 ================
.
2012-06-26 20:54:11 -------- d-----w- C:\Users\hahaer\AppData\Roaming\Malwarebytes
2012-06-26 20:54:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-26 20:54:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-26 20:54:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 11:19:35 -------- d-----w- C:\Users\hahaer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-26 05:09:20 328704 ----a-w- C:\Windows\SysWow64\services.exe
2012-06-26 03:31:22 -------- d-----w- C:\Users\hahaer\AppData\Local\ESET
2012-06-23 21:58:49 -------- d-----w- C:\Program Files (x86)\SQUARE ENIX
2012-06-22 19:50:59 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DAD2CAA-0940-4785-A8F9-7FDB2BD5A775}\mpengine.dll
2012-06-22 19:47:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 19:47:23 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 19:47:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 19:47:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 22:45:03 4145600 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-06-21 22:44:22 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-06-18 23:30:42 -------- d-----w- C:\Program Files (x86)\SEGA
2012-06-18 20:28:11 -------- d-----w- C:\Users\hahaer\AppData\Roaming\SEGA
2012-06-15 23:13:03 -------- d-----w- C:\KAG
2012-06-15 20:37:04 -------- d-----w- C:\Program Files\iTunes
2012-06-15 20:37:04 -------- d-----w- C:\Program Files\iPod
2012-06-15 20:37:04 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-13 07:35:57 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-13 07:35:56 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-10 00:53:17 -------- d-----w- C:\Users\hahaer\AppData\Local\Macromedia
2012-06-07 02:48:44 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-07 02:48:17 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-07 02:39:40 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-07 02:39:40 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-07 02:29:51 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 02:29:51 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-26 21:15:40 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-06-23 22:55:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 22:55:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-05 01:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 14:31:52.74 ===============

 

[hahaer]

The Attach.txt is as follows:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/25/2011 9:28:08 PM
System Uptime: 6/26/2012 2:15:05 PM (0 hours ago)
.
Motherboard: | | KHLB2
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 26.816 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_003E14C0&REV_00\4&3A5AFE7D&0&03E0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_003E14C0&REV_00\4&3A5AFE7D&0&03E0
Service:
.
Class GUID:
Description: FingerPrinter Reader
Device ID: USB\VID_1C7A&PID_0801\00000000000006
Manufacturer:
Name: FingerPrinter Reader
PNP Device ID: USB\VID_1C7A&PID_0801\00000000000006
Service:
.
Class GUID:
Description:
Device ID: ACPI\CPL0002\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\CPL0002\2&DABA3FF&1
Service:
.
Class GUID:
Description:
Device ID: ACPI\ENE0100\3&11583659&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\3&11583659&0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_003E14C0&REV_00\4&3A5AFE7D&0&00E0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_003E14C0&REV_00\4&3A5AFE7D&0&00E0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
??????????
?????†CROSS
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.3)
ƒOƒŠ[ƒtƒVƒ“ƒhƒ[ƒ€ Ver1.10
Apple Application Support
Apple Software Update
Ballistic version 1.0
Bandisoft MPEG-1 Decoder
Brother MFL-Pro Suite MFC-7420
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Pro Control Center
CCC Help English
DAEMON Tools Lite
Diablo III
Digsby
Dota 2
Dropbox
Everything 1.2.1.371
ffdshow v1.1.3978 [2011-08-25]
foobar2000 v1.1.11
Google Chrome
Google Talk Plugin
Haali Media Splitter
Java Auto Updater
Java(TM) 6 Update 27
Java(TM) 7 Update 4
JavaFX 2.1.0
KAG 0.95A
LastPass (uninstall only)
Launchy 2.5
LAV Filters 0.44
League of Legends
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
Media Player Classic - Home Cinema v1.5.2.3456
Microsoft AppLocale
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Research Mesh Virtual WIFI
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mIRC
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 en-US)
Nexon Game Manager
Notepad++
NotiPage version 1.07
NSIS Maristice English
NVIDIA PhysX
NX Client for Windows 3.5.0-7
Offspring Fling!
“Œ•û”ñ‘z“V‘¥ Ver1.10ƒAƒbƒvƒf[ƒg
OpenAL
PDF Settings CS5
PHANTASY STAR ONLINE 2
Picasa 3
Quantum Conundrum
QuickTime
Rainmeter
Razer DeathAdder(TM) Mouse
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
SecureW2 Enterprise Client 3.4.7 MSI Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.5
Soku Lobby
SpeedCrunch 0.10
Spiral Knights
Steam
SteelSeries Kinzu Optical Mouse
SumatraPDF
TeamViewer 7
TouchFreeze
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Ys Origin
YsVI
.
==== Event Viewer Messages From Past Week ========
.
6/26/2012 3:36:20 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/26/2012 2:18:10 PM, Error: Service Control Manager [7034] -
6/26/2012 2:13:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
6/26/2012 12:13:40 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
6/25/2012 10:54:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/25/2012 10:54:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/25/2012 10:54:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/25/2012 10:53:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
.
==== End Of File ===========================

 

[hahaer]

The FRST log is coming soon.

 

[hahaer]

My BIOS didn't have Advanced Boot Options on F8. With some fiddling I was able to reach it, but it didn't have an option to run a recovery environment. On the alternative, I don't have a disk to work with either.
I'll keep looking into this, but in any case here is the FRST.txt which was obtained from running safe mode with command prompt (which is probably a poor equivalent).
Notably my services.exe seems to be modified.

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by hahaer at 26-06-2012 15:11:52
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-06-26 14:45 - 2012-06-26 14:45 - 00000380 ____A C:\Windows\PFRO.log
2012-06-26 14:37 - 2012-06-26 14:37 - 01425797 ____A C:\Users\hahaer\Desktop\FRST64.exe
2012-06-26 14:27 - 2012-06-26 14:27 - 00000000 ____A C:\Users\hahaer\Desktop\gmer.log
2012-06-26 14:15 - 2012-06-26 14:56 - 00000504 ____A C:\Windows\setupact.log
2012-06-26 14:15 - 2012-06-26 14:15 - 00000000 ____A C:\Windows\setuperr.log
2012-06-26 14:14 - 2012-06-26 14:14 - 00000000 ____A C:\Users\hahaer\Desktop\New Text Document.txt
2012-06-26 14:05 - 2012-06-26 14:05 - 00302592 ____A C:\Users\hahaer\Desktop\erybqx5l.exe
2012-06-26 13:54 - 2012-06-26 13:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 13:54 - 2012-06-26 13:54 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Malwarebytes
2012-06-26 13:54 - 2012-06-26 13:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 13:54 - 2012-06-26 13:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 13:54 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 13:36 - 2012-06-26 13:36 - 00000000 ____D C:\Windows\erdnt
2012-06-26 13:30 - 2012-06-26 13:36 - 00000000 ___SD C:\32788R22FWJFW
2012-06-26 13:30 - 2012-06-26 13:30 - 00000000 ____D C:\Qoobox
2012-06-26 13:29 - 2012-06-26 13:29 - 04569121 ____R (Swearware) C:\Users\hahaer\Desktop\cmbofx.exe
2012-06-26 04:19 - 2012-06-26 04:19 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-26 00:16 - 2012-06-26 00:19 - 00001908 ____A C:\Windows\diagwrn.xml
2012-06-26 00:16 - 2012-06-26 00:19 - 00001908 ____A C:\Windows\diagerr.xml
2012-06-25 23:01 - 2012-06-25 23:02 - 00000000 ____A C:\Windows\SysWOW64\sfc
2012-06-25 22:15 - 2012-06-25 22:15 - 00133309 ____A C:\Windows\SysWOW64\aaaaaaaaaa.7z
2012-06-25 22:12 - 2012-06-25 22:12 - 00133309 ____A C:\Windows\SysWOW64\arg.7z
2012-06-25 22:11 - 2012-06-25 22:11 - 00133309 ____A C:\Windows\SysWOW64\services.7z
2012-06-25 22:10 - 2012-06-25 22:12 - 00000000 ____D C:\Users\hahaer\Desktop\New folder (2)
2012-06-25 22:09 - 2012-06-25 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2012-06-25 22:08 - 2012-06-25 22:08 - 00000000 ____D C:\Users\hahaer\Desktop\New folder
2012-06-25 20:31 - 2012-06-25 20:31 - 00000000 ____D C:\Users\hahaer\AppData\Local\ESET
2012-06-24 18:19 - 2012-06-24 18:22 - 298815801 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 10 [887B8BB8].mkv
2012-06-23 22:23 - 2012-06-23 22:54 - 285377061 ____A C:\Users\hahaer\Downloads\[UTW]_Fate_Zero_-_25_[h264-720p][DEBA6F45].mkv
2012-06-23 14:58 - 2012-06-23 14:58 - 00000000 ____D C:\Program Files (x86)\SQUARE ENIX
2012-06-22 23:21 - 2012-06-22 23:33 - 665951450 ____A C:\Users\hahaer\Downloads\[UTW]_Accel_World_-_11_[h264-720p][7D3851F8].mkv
2012-06-22 12:47 - 2012-06-02 15:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 12:47 - 2012-06-02 15:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 12:47 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 12:47 - 2012-06-02 15:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 12:47 - 2012-06-02 15:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 12:47 - 2012-06-02 15:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 12:47 - 2012-06-02 15:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 12:47 - 2012-06-02 15:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 12:47 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 15:45 - 2012-06-20 08:28 - 04145600 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2012-06-21 15:44 - 2012-06-21 15:44 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-06-18 16:42 - 2012-06-18 16:42 - 00001338 ____A C:\Users\hahaer\Desktop\PHANTASY STAR ONLINE 2.lnk
2012-06-18 16:30 - 2012-06-18 16:30 - 00000000 ____D C:\Users\hahaer\Documents\SEGA
2012-06-18 16:30 - 2012-06-18 16:30 - 00000000 ____D C:\Program Files (x86)\SEGA
2012-06-18 13:28 - 2012-06-18 13:28 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\SEGA
2012-06-17 18:09 - 2012-06-17 18:11 - 244323531 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 09 [9CA138C8].mkv
2012-06-17 14:44 - 2012-06-17 14:49 - 307888933 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_09_[00362F12].mkv
2012-06-17 14:31 - 2012-06-17 14:35 - 296879705 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_08_[B8117C3F].mkv
2012-06-17 13:00 - 2012-06-17 13:00 - 05252792 ____A C:\Users\hahaer\Desktop\new 2.txt
2012-06-17 12:48 - 2012-06-17 12:52 - 263534997 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_07_[929816ED].mkv
2012-06-17 12:42 - 2012-06-17 12:46 - 301250177 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_06_[3BC4F498].mkv
2012-06-17 12:12 - 2012-06-17 12:17 - 313210610 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_10_[939FF9C9].mkv
2012-06-15 16:13 - 2012-06-20 14:16 - 00000000 ____D C:\KAG
2012-06-15 13:37 - 2012-06-15 13:38 - 00000000 ____D C:\Program Files\iTunes
2012-06-15 13:37 - 2012-06-15 13:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-15 13:37 - 2012-06-15 13:37 - 00000000 ____D C:\Program Files\iPod
2012-06-13 00:37 - 2012-04-19 22:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 00:36 - 2012-05-14 21:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 00:36 - 2012-05-14 20:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 00:36 - 2012-05-14 20:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 00:36 - 2012-05-14 20:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 00:36 - 2012-05-14 18:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 00:36 - 2012-05-04 04:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 00:36 - 2012-05-04 03:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 00:36 - 2012-05-04 03:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 00:36 - 2012-04-25 22:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 00:36 - 2012-04-25 22:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 00:36 - 2012-04-25 22:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 00:36 - 2012-04-19 22:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 00:36 - 2012-04-19 22:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 00:36 - 2012-04-19 22:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 00:36 - 2012-04-19 22:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-13 00:36 - 2012-04-19 22:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 00:36 - 2012-04-19 22:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 00:36 - 2012-04-19 22:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 00:36 - 2012-04-19 22:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 00:36 - 2012-04-19 22:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 00:36 - 2012-04-19 21:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 00:36 - 2012-04-19 21:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-13 00:36 - 2012-04-19 21:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 00:36 - 2012-04-19 21:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 00:36 - 2012-04-19 21:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 00:36 - 2012-04-19 21:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 00:36 - 2012-04-19 20:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 00:36 - 2012-04-19 20:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 00:35 - 2012-04-27 22:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-13 00:35 - 2012-04-27 20:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-10 21:49 - 2012-06-10 21:57 - 345603864 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 08 [3C5D980E].mkv
2012-06-09 23:44 - 2012-06-09 23:47 - 228396763 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_05v2_[105A7A12].mkv
2012-06-09 23:28 - 2012-06-09 23:33 - 289411955 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 04 [23E4EC17].mkv
2012-06-09 22:33 - 2012-06-09 22:35 - 297282597 ____A C:\Users\hahaer\Downloads\[SubDESU]_Yozakura_Quartet_Hoshi_no_Umi_-_03_[D2D6A779].mkv
2012-06-09 17:53 - 2012-06-09 17:53 - 00000000 ____D C:\Users\hahaer\AppData\Local\Macromedia
2012-06-06 19:48 - 2012-06-06 19:48 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-06 19:48 - 2012-04-04 18:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-06 19:48 - 2012-04-04 18:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-06 19:39 - 2012-06-06 19:39 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-06 19:39 - 2012-06-06 19:39 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-06 19:39 - 2012-06-06 19:39 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-06 19:39 - 2012-06-06 19:39 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-06 19:39 - 2012-06-06 19:39 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-06 19:38 - 2012-06-06 19:38 - 00000000 ____D C:\Program Files\Java
2012-06-04 12:28 - 2012-06-06 23:11 - 00000000 ____D C:\Users\hahaer\Desktop\Pending
2012-06-04 00:06 - 2012-06-04 00:04 - 310342534 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 07 [7CA72A38].mkv
2012-05-27 21:52 - 2012-05-27 21:58 - 251682715 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 06 [F6C90034].mkv


============ 3 Months Modified Files and Folders =============

2012-06-26 15:11 - 2012-06-26 15:11 - 00000000 ____D C:\FRST
2012-06-26 14:57 - 2011-10-06 13:11 - 00000000 ___RD C:\Users\hahaer\Dropbox
2012-06-26 14:57 - 2011-10-06 13:08 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Dropbox
2012-06-26 14:56 - 2012-06-26 14:15 - 00000504 ____A C:\Windows\setupact.log
2012-06-26 14:56 - 2011-10-05 16:53 - 00000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
2012-06-26 14:56 - 2011-08-25 21:35 - 00000000 ____D C:\Users\hahaer\AppData\Local\Digsby
2012-06-26 14:56 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 14:50 - 2012-05-13 12:47 - 01188461 ____A C:\Windows\WindowsUpdate.log
2012-06-26 14:50 - 2009-07-13 21:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 14:50 - 2009-07-13 21:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 14:45 - 2012-06-26 14:45 - 00000380 ____A C:\Windows\PFRO.log
2012-06-26 14:40 - 2009-07-13 22:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-26 14:38 - 2011-08-25 22:26 - 00000000 ____D C:\Users\hahaer\Downloads\(~)
2012-06-26 14:37 - 2012-06-26 14:37 - 01425797 ____A C:\Users\hahaer\Desktop\FRST64.exe
2012-06-26 14:27 - 2012-06-26 14:27 - 00000000 ____A C:\Users\hahaer\Desktop\gmer.log
2012-06-26 14:15 - 2012-06-26 14:15 - 00000000 ____A C:\Windows\setuperr.log
2012-06-26 14:14 - 2012-06-26 14:14 - 00000000 ____A C:\Users\hahaer\Desktop\New Text Document.txt
2012-06-26 14:05 - 2012-06-26 14:05 - 00302592 ____A C:\Users\hahaer\Desktop\erybqx5l.exe
2012-06-26 13:55 - 2012-04-06 18:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-26 13:54 - 2012-06-26 13:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 13:54 - 2012-06-26 13:54 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Malwarebytes
2012-06-26 13:54 - 2012-06-26 13:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 13:54 - 2012-06-26 13:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 13:50 - 2011-10-06 14:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-26 13:43 - 2011-10-03 15:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3751065396-3435581585-1394504295-1001UA.job
2012-06-26 13:36 - 2012-06-26 13:36 - 00000000 ____D C:\Windows\erdnt
2012-06-26 13:36 - 2012-06-26 13:30 - 00000000 ___SD C:\32788R22FWJFW
2012-06-26 13:30 - 2012-06-26 13:30 - 00000000 ____D C:\Qoobox
2012-06-26 13:29 - 2012-06-26 13:29 - 04569121 ____R (Swearware) C:\Users\hahaer\Desktop\cmbofx.exe
2012-06-26 05:24 - 2011-08-25 22:34 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\foobar2000
2012-06-26 05:23 - 2011-08-25 22:35 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Media Player Classic
2012-06-26 04:44 - 2011-08-25 21:40 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Mozilla
2012-06-26 04:19 - 2012-06-26 04:19 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-26 04:08 - 2012-01-15 19:25 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-26 04:08 - 2011-09-23 12:55 - 00000000 ____D C:\Users\hahaer\AppData\Local\Adobe
2012-06-26 03:36 - 2012-05-20 22:55 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-26 00:37 - 2011-08-25 23:08 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\DAEMON Tools Lite
2012-06-26 00:37 - 2011-08-25 21:34 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\uTorrent
2012-06-26 00:19 - 2012-06-26 00:16 - 00001908 ____A C:\Windows\diagwrn.xml
2012-06-26 00:19 - 2012-06-26 00:16 - 00001908 ____A C:\Windows\diagerr.xml
2012-06-25 23:02 - 2012-06-25 23:01 - 00000000 ____A C:\Windows\SysWOW64\sfc
2012-06-25 22:37 - 2011-11-27 17:35 - 00000000 ____D C:\Program Files (x86)\Everything
2012-06-25 22:12 - 2012-06-25 22:10 - 00000000 ____D C:\Users\hahaer\Desktop\New folder (2)
2012-06-25 22:11 - 2012-06-25 22:11 - 00133309 ____A C:\Windows\SysWOW64\services.7z
2012-06-25 22:08 - 2012-06-25 22:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2012-06-25 22:08 - 2012-06-25 22:08 - 00000000 ____D C:\Users\hahaer\Desktop\New folder
2012-06-25 21:59 - 2009-07-13 22:08 - 00032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-25 21:44 - 2011-10-03 15:35 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3751065396-3435581585-1394504295-1001Core.job
2012-06-25 20:31 - 2012-06-25 20:31 - 00000000 ____D C:\Users\hahaer\AppData\Local\ESET
2012-06-25 14:35 - 2011-08-26 00:12 - 00000000 ____D C:\Users\hahaer\Downloads\Torrents
2012-06-25 03:55 - 2011-08-25 21:34 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-24 22:10 - 2012-03-25 03:50 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\mIRC
2012-06-24 18:22 - 2012-06-24 18:19 - 298815801 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 10 [887B8BB8].mkv
2012-06-24 18:18 - 2012-04-25 15:29 - 00000000 ____D C:\Program Files (x86)\mIRC
2012-06-23 22:54 - 2012-06-23 22:23 - 285377061 ____A C:\Users\hahaer\Downloads\[UTW]_Fate_Zero_-_25_[h264-720p][DEBA6F45].mkv
2012-06-23 15:55 - 2012-04-06 18:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 15:55 - 2011-08-25 21:56 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-23 15:09 - 2011-12-07 17:06 - 00000000 ____D C:\Users\hahaer\Documents\My Games
2012-06-23 14:58 - 2012-06-23 14:58 - 00000000 ____D C:\Program Files (x86)\SQUARE ENIX
2012-06-23 14:25 - 2012-01-16 15:09 - 00000000 ____D C:\Nexon
2012-06-22 23:33 - 2012-06-22 23:21 - 665951450 ____A C:\Users\hahaer\Downloads\[UTW]_Accel_World_-_11_[h264-720p][7D3851F8].mkv
2012-06-22 22:16 - 2011-12-29 19:47 - 00000000 ____D C:\Users\hahaer\Downloads\Touhou lossy music collection
2012-06-21 15:44 - 2012-06-21 15:44 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-06-20 14:16 - 2012-06-15 16:13 - 00000000 ____D C:\KAG
2012-06-20 08:28 - 2012-06-21 15:45 - 04145600 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2012-06-18 16:42 - 2012-06-18 16:42 - 00001338 ____A C:\Users\hahaer\Desktop\PHANTASY STAR ONLINE 2.lnk
2012-06-18 16:30 - 2012-06-18 16:30 - 00000000 ____D C:\Users\hahaer\Documents\SEGA
2012-06-18 16:30 - 2012-06-18 16:30 - 00000000 ____D C:\Program Files (x86)\SEGA
2012-06-18 13:28 - 2012-06-18 13:28 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\SEGA
2012-06-18 12:46 - 2012-04-25 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 01:05 - 2011-08-25 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-17 18:11 - 2012-06-17 18:09 - 244323531 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 09 [9CA138C8].mkv
2012-06-17 14:49 - 2012-06-17 14:44 - 307888933 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_09_[00362F12].mkv
2012-06-17 14:35 - 2012-06-17 14:31 - 296879705 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_08_[B8117C3F].mkv
2012-06-17 13:00 - 2012-06-17 13:00 - 05252792 ____A C:\Users\hahaer\Desktop\new 2.txt
2012-06-17 12:52 - 2012-06-17 12:48 - 263534997 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_07_[929816ED].mkv
2012-06-17 12:46 - 2012-06-17 12:42 - 301250177 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_06_[3BC4F498].mkv
2012-06-17 12:17 - 2012-06-17 12:12 - 313210610 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_10_[939FF9C9].mkv
2012-06-17 03:26 - 2011-10-22 19:12 - 00000000 ____D C:\Users\hahaer\Downloads\DTA
2012-06-15 17:01 - 2011-08-25 21:44 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Skype
2012-06-15 13:38 - 2012-06-15 13:37 - 00000000 ____D C:\Program Files\iTunes
2012-06-15 13:38 - 2012-06-15 13:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-15 13:37 - 2012-06-15 13:37 - 00000000 ____D C:\Program Files\iPod
2012-06-13 12:06 - 2009-07-13 21:45 - 02449208 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 03:16 - 2011-08-31 22:49 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 03:10 - 2011-09-03 00:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-10 21:57 - 2012-06-10 21:49 - 345603864 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 08 [3C5D980E].mkv
2012-06-09 23:47 - 2012-06-09 23:44 - 228396763 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_05v2_[105A7A12].mkv
2012-06-09 23:33 - 2012-06-09 23:28 - 289411955 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 04 [23E4EC17].mkv
2012-06-09 22:35 - 2012-06-09 22:33 - 297282597 ____A C:\Users\hahaer\Downloads\[SubDESU]_Yozakura_Quartet_Hoshi_no_Umi_-_03_[D2D6A779].mkv
2012-06-09 17:53 - 2012-06-09 17:53 - 00000000 ____D C:\Users\hahaer\AppData\Local\Macromedia
2012-06-06 23:11 - 2012-06-04 12:28 - 00000000 ____D C:\Users\hahaer\Desktop\Pending
2012-06-06 19:48 - 2012-06-06 19:48 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-06 19:48 - 2011-09-01 14:12 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-06 19:48 - 2011-09-01 14:12 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-06 19:47 - 2011-09-01 14:12 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-06 19:39 - 2012-06-06 19:39 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-06 19:39 - 2012-06-06 19:39 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-06 19:39 - 2012-06-06 19:39 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-06 19:39 - 2012-06-06 19:39 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-06 19:39 - 2012-06-06 19:39 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-06 19:38 - 2012-06-06 19:38 - 00000000 ____D C:\Program Files\Java
2012-06-06 00:53 - 2011-09-30 09:23 - 00002308 ____A C:\Users\hahaer\.Xauthority
2012-06-06 00:53 - 2011-09-30 09:14 - 00000000 ____D C:\Users\hahaer\.nx
2012-06-06 00:53 - 2011-08-25 21:28 - 00000000 ____D C:\users\hahaer
2012-06-04 00:04 - 2012-06-04 00:06 - 310342534 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 07 [7CA72A38].mkv
2012-06-02 15:19 - 2012-06-22 12:47 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 15:19 - 2012-06-22 12:47 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 15:19 - 2012-06-22 12:47 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:19 - 2012-06-22 12:47 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 15:19 - 2012-06-22 12:47 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 15:19 - 2012-06-22 12:47 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 15:15 - 2012-06-22 12:47 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 15:15 - 2012-06-22 12:47 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:15 - 2012-06-22 12:47 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 17:23 - 2011-10-07 19:54 - 00000000 ____D C:\FrozenSynapse
2012-05-30 17:22 - 2012-02-18 23:06 - 00000000 ____D C:\Program Files (x86)\LOLReplay
2012-05-27 21:58 - 2012-05-27 21:52 - 251682715 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 06 [F6C90034].mkv
2012-05-25 22:26 - 2012-02-21 18:05 - 00000000 ____D C:\Windows\System32\appmgmt
2012-05-25 16:39 - 2012-05-25 16:39 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\offspringfling
2012-05-25 14:06 - 2011-08-25 21:34 - 00000000 ____D C:\Program Files\Defraggler
2012-05-25 09:56 - 2012-05-25 09:56 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-23 17:00 - 2012-05-23 17:00 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\LolClient2
2012-05-23 16:40 - 2012-05-23 16:08 - 00000000 ____D C:\Users\hahaer\Documents\PineappleSmashCrew
2012-05-23 16:08 - 2012-05-23 16:08 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Quest3D
2012-05-21 01:15 - 2012-05-21 01:10 - 237129784 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 05 [9773D745].mkv
2012-05-19 12:47 - 2012-05-19 12:47 - 00000000 ____D C:\Program Files (x86)\Offspring Fling
2012-05-19 12:46 - 2011-08-25 22:11 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Adobe
2012-05-19 11:42 - 2012-05-19 11:42 - 00000274 ____A C:\Users\Public\Documents\neople_uninstaller0.bat
2012-05-19 01:20 - 2012-05-19 01:10 - 302223534 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 07 [5A95DBAF].mkv
2012-05-19 01:11 - 2012-05-19 00:57 - 274086271 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 06 [7D057758].mkv
2012-05-19 01:07 - 2012-05-19 00:46 - 334528296 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 03 [BDBFA66E].mkv
2012-05-19 01:05 - 2012-05-19 00:47 - 256383937 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 05 [F81E3D11].mkv
2012-05-19 01:03 - 2012-05-19 00:43 - 229637595 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 02 [08DD7C48].mkv
2012-05-19 00:53 - 2012-05-19 00:47 - 245544250 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 04 [108B653A].mkv
2012-05-18 09:56 - 2012-01-31 21:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-18 09:56 - 2012-01-31 21:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 21:01 - 2012-06-13 00:36 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 20:59 - 2012-06-13 00:36 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 20:03 - 2012-06-13 00:36 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 20:00 - 2012-06-13 00:36 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 18:32 - 2012-06-13 00:36 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 01:04 - 2012-05-14 00:34 - 371279358 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 04 [AA61A624].mkv
2012-05-12 02:26 - 2009-07-14 00:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-07 01:38 - 2012-05-06 23:24 - 235079370 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 03 [CED1D963].mkv
2012-05-04 04:06 - 2012-06-13 00:36 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:03 - 2012-06-13 00:36 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 03:03 - 2012-06-13 00:36 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 16:22 - 2012-04-10 19:31 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-05-02 16:22 - 2012-04-10 19:31 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-05-01 02:17 - 2012-05-01 02:06 - 314570792 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 02v2 [82AF6EF7].mkv
2012-04-29 02:48 - 2012-04-26 00:01 - 318616605 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 03 [D0DFF808].mkv
2012-04-27 22:32 - 2012-06-13 00:35 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 20:55 - 2012-06-13 00:35 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 22:41 - 2012-06-13 00:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 22:41 - 2012-06-13 00:36 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 22:34 - 2012-06-13 00:36 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 21:44 - 2012-04-25 21:27 - 358673533 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 02 [7AE9CF95].mkv
2012-04-25 21:18 - 2012-04-25 21:05 - 317827251 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 01 [2F4D073C].mkv
2012-04-25 20:01 - 2012-04-25 20:01 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-21 03:05 - 2012-04-21 03:03 - 00000000 ____D C:\Users\hahaer\AppData\Local\Insanely Twisted Shadow Planet
2012-04-21 00:56 - 2012-04-21 00:49 - 486731659 ____A C:\Users\hahaer\Downloads\[gg]_EUREKA_SEVEN_AO_-_01_[946DCCD6].mkv
2012-04-21 00:50 - 2012-04-21 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Game Studios
2012-04-20 18:52 - 2012-04-20 18:52 - 00000000 ____D C:\Users\hahaer\Documents\Diablo III
2012-04-20 18:52 - 2012-04-20 18:52 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-19 22:42 - 2012-06-13 00:37 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 22:42 - 2012-06-13 00:36 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 22:42 - 2012-06-13 00:36 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 22:42 - 2012-06-13 00:36 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 22:42 - 2012-06-13 00:36 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 22:42 - 2012-06-13 00:36 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 22:42 - 2012-06-13 00:36 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 22:42 - 2012-06-13 00:36 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 22:39 - 2012-04-19 22:39 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-19 22:00 - 2012-06-13 00:36 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 22:00 - 2012-06-13 00:36 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 21:57 - 2012-06-13 00:36 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 21:57 - 2012-06-13 00:36 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 21:57 - 2012-06-13 00:36 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 21:56 - 2012-06-13 00:36 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 21:56 - 2012-06-13 00:36 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 21:56 - 2012-06-13 00:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 20:45 - 2012-06-13 00:36 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 20:16 - 2012-06-13 00:36 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-17 01:27 - 2012-04-17 01:02 - 308787064 ____A C:\Users\hahaer\Downloads\[Underwater-Mahjong] Saki Achiga-hen - Episode of Side-A - 01 (720p) [B7CCC6DF].mkv
2012-04-17 01:09 - 2012-04-17 00:56 - 306605179 ____A C:\Users\hahaer\Downloads\[Underwater-Mahjong] Saki Achiga-hen - Episode of Side-A - 02 (720p) [649CC122].mkv
2012-04-17 01:05 - 2012-01-15 23:01 - 00000132 ____A C:\Users\hahaer\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-04-16 02:12 - 2012-04-16 02:12 - 00000000 ____D C:\Users\hahaer\AppData\Local\Chromium
2012-04-12 20:35 - 2012-04-12 20:23 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\NeopleLauncherDFO
2012-04-10 19:31 - 2011-08-25 22:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-08 19:27 - 2011-08-25 21:34 - 00000000 ____D C:\Program Files (x86)\foobar2000
2012-04-08 18:20 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-04-05 22:33 - 2012-04-05 22:28 - 276981496 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 01 [261B2905].mkv
2012-04-04 18:47 - 2012-06-06 19:48 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 18:47 - 2012-06-06 19:48 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 18:47 - 2011-09-01 14:12 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-04 15:56 - 2012-06-26 13:54 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 18:05 - 2011-09-07 22:22 - 00190560 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-03-31 23:24 - 2012-03-31 22:55 - 803456066 ____A C:\Users\hahaer\Downloads\[Commie] Hayate no Gotoku! Heaven is a Place on Earth [BD 720p AAC] [402B8673].mkv
2012-03-31 12:52 - 2011-08-25 21:42 - 00111208 ____A C:\Users\hahaer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-30 23:53 - 2012-03-30 23:39 - 00000000 ____D C:\FALCOM
2012-03-30 23:51 - 2012-03-30 23:39 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\FALCOM
2012-03-30 04:35 - 2012-05-11 19:17 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}\L
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}\U

ZeroAccess:
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f}
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f}\@
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f}\L
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4060.8 MB
Available physical RAM: 3524.74 MB
Total Pagefile: 8119.79 MB
Available Pagefile: 7593.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:26.82 GB) NTFS
3 Drive e: () (Removable) (Total:3.78 GB) (Free:0.56 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3875 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 232 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3871 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Removable 3871 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-21 19:15

======================= End Of Log ==========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================

here is the FRST.txt which was obtained from running safe mode with command prompt

Unfortunately we can't fix ZeroAccess infection from there.
You have to provide FRST log from recovery environment.

You can always create Windows 7 DVD. See pinned topics at my forum: http://www.smartestcomputing.us.com/forum/98-windows-7/

 

[hahaer]

Your assistance is much obliged.

I seem to have been able to get into the Advanced Boot Options from a windows installer on a flash drive, I hope that's acceptable. Here's the FRST log obtained from it:

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 26-06-2012 17:57:09
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8067616 2009-08-25] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\hahaer\...\Run: [Google Update] "C:\Users\hahaer\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-23] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 8.8.8.8 24.28.193.97
Startup: C:\Users\hahaer\Start Menu\Programs\Startup\Digsby.lnk
ShortcutTarget: Digsby.lnk -> C:\Program Files (x86)\Digsby\digsby.exe ()
Startup: C:\Users\hahaer\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\hahaer\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\hahaer\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\hahaer\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services (Whitelisted) ======

2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42360 2011-01-12] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810144 2011-01-12] (ESET)
2 Firefox Service; C:\Users\hahaer\AppData\Roaming\Mozilla\Firefox\Profiles\pjy1v7h8.default\extensions\startup.service@mozilla.com\svc.exe [83456 2011-03-09] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MlCyMonS; C:\Windows\SysWOW64\MlCyMonS.exe [64512 2011-06-26] ()
2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [119176 2010-11-05] (SecureW2 B.V.)

========================== Drivers (Whitelisted) =============

3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12032 2010-04-19] (Razer (Asia-Pacific) Pte Ltd)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-08-25] (DT Soft Ltd)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [170640 2010-12-21] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [141264 2010-12-21] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [125296 2010-12-21] (ESET)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MlCyMon; C:\Windows\System32\Drivers\MlCyMon.sys [403312 2011-06-29] (MUSILAND®)
3 MlCyMonBus; C:\Windows\System32\Drivers\MlCyMonBus.sys [29808 2011-06-29] (MUSILAND®)
3 MlCyMonFW; C:\Windows\System32\Drivers\MlCyMonFW.sys [33904 2011-06-29] (MUSILAND®)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-26 14:16 - 2012-06-26 15:02 - 00036326 ____A C:\Users\hahaer\Desktop\FRST.txt
2012-06-26 14:11 - 2012-06-26 17:57 - 00000000 ____D C:\FRST
2012-06-26 13:45 - 2012-06-26 13:45 - 00000380 ____A C:\Windows\PFRO.log
2012-06-26 13:37 - 2012-06-26 13:37 - 01425797 ____A C:\Users\hahaer\Desktop\FRST64.exe
2012-06-26 13:27 - 2012-06-26 13:27 - 00000000 ____A C:\Users\hahaer\Desktop\gmer.log
2012-06-26 13:15 - 2012-06-26 16:51 - 00000930 ____A C:\Windows\setupact.log
2012-06-26 13:15 - 2012-06-26 13:15 - 00000000 ____A C:\Windows\setuperr.log
2012-06-26 13:14 - 2012-06-26 13:14 - 00000000 ____A C:\Users\hahaer\Desktop\New Text Document.txt
2012-06-26 13:05 - 2012-06-26 13:05 - 00302592 ____A C:\Users\hahaer\Desktop\erybqx5l.exe
2012-06-26 12:54 - 2012-06-26 12:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 12:54 - 2012-06-26 12:54 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Malwarebytes
2012-06-26 12:54 - 2012-06-26 12:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 12:54 - 2012-06-26 12:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 12:54 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 12:36 - 2012-06-26 12:36 - 00000000 ____D C:\Windows\erdnt
2012-06-26 12:30 - 2012-06-26 12:36 - 00000000 ___SD C:\32788R22FWJFW
2012-06-26 12:30 - 2012-06-26 12:30 - 00000000 ____D C:\Qoobox
2012-06-26 12:29 - 2012-06-26 12:29 - 04569121 ____R (Swearware) C:\Users\hahaer\Desktop\cmbofx.exe
2012-06-26 03:19 - 2012-06-26 03:19 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-25 23:16 - 2012-06-25 23:19 - 00001908 ____A C:\Windows\diagwrn.xml
2012-06-25 23:16 - 2012-06-25 23:19 - 00001908 ____A C:\Windows\diagerr.xml
2012-06-25 22:01 - 2012-06-25 22:02 - 00000000 ____A C:\Windows\SysWOW64\sfc
2012-06-25 21:10 - 2012-06-25 21:12 - 00000000 ____D C:\Users\hahaer\Desktop\New folder (2)
2012-06-25 21:09 - 2012-06-25 21:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2012-06-25 21:08 - 2012-06-25 21:08 - 00000000 ____D C:\Users\hahaer\Desktop\New folder
2012-06-25 19:31 - 2012-06-25 19:31 - 00000000 ____D C:\Users\hahaer\AppData\Local\ESET
2012-06-24 17:19 - 2012-06-24 17:22 - 298815801 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 10 [887B8BB8].mkv
2012-06-23 21:23 - 2012-06-23 21:54 - 285377061 ____A C:\Users\hahaer\Downloads\[UTW]_Fate_Zero_-_25_[h264-720p][DEBA6F45].mkv
2012-06-23 13:58 - 2012-06-23 13:58 - 00000000 ____D C:\Program Files (x86)\SQUARE ENIX
2012-06-22 22:21 - 2012-06-22 22:33 - 665951450 ____A C:\Users\hahaer\Downloads\[UTW]_Accel_World_-_11_[h264-720p][7D3851F8].mkv
2012-06-22 11:47 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 11:47 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 11:47 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 11:47 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 11:47 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 11:47 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 11:47 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 11:47 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 11:47 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 14:45 - 2012-06-20 07:28 - 04145600 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2012-06-21 14:44 - 2012-06-21 14:44 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-06-18 15:42 - 2012-06-18 15:42 - 00001338 ____A C:\Users\hahaer\Desktop\PHANTASY STAR ONLINE 2.lnk
2012-06-18 15:30 - 2012-06-18 15:30 - 00000000 ____D C:\Users\hahaer\Documents\SEGA
2012-06-18 15:30 - 2012-06-18 15:30 - 00000000 ____D C:\Program Files (x86)\SEGA
2012-06-18 12:28 - 2012-06-18 12:28 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\SEGA
2012-06-17 17:09 - 2012-06-17 17:11 - 244323531 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 09 [9CA138C8].mkv
2012-06-17 13:44 - 2012-06-17 13:49 - 307888933 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_09_[00362F12].mkv
2012-06-17 13:31 - 2012-06-17 13:35 - 296879705 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_08_[B8117C3F].mkv
2012-06-17 12:00 - 2012-06-17 12:00 - 05252792 ____A C:\Users\hahaer\Desktop\new 2.txt
2012-06-17 11:48 - 2012-06-17 11:52 - 263534997 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_07_[929816ED].mkv
2012-06-17 11:42 - 2012-06-17 11:46 - 301250177 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_06_[3BC4F498].mkv
2012-06-17 11:12 - 2012-06-17 11:17 - 313210610 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_10_[939FF9C9].mkv
2012-06-15 15:13 - 2012-06-20 13:16 - 00000000 ____D C:\KAG
2012-06-15 12:37 - 2012-06-15 12:38 - 00000000 ____D C:\Program Files\iTunes
2012-06-15 12:37 - 2012-06-15 12:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-15 12:37 - 2012-06-15 12:37 - 00000000 ____D C:\Program Files\iPod
2012-06-12 23:37 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 23:36 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 23:36 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 23:36 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 23:36 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 23:36 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 23:36 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 23:36 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 23:36 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 23:36 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 23:36 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 23:36 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 23:36 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 23:36 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 23:36 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 23:36 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-12 23:36 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 23:36 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 23:36 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 23:36 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 23:36 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 23:36 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 23:36 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-12 23:36 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 23:36 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 23:36 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 23:36 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 23:36 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 23:36 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 23:35 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-12 23:35 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-10 20:49 - 2012-06-10 20:57 - 345603864 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 08 [3C5D980E].mkv
2012-06-09 22:44 - 2012-06-09 22:47 - 228396763 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_05v2_[105A7A12].mkv
2012-06-09 22:28 - 2012-06-09 22:33 - 289411955 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 04 [23E4EC17].mkv
2012-06-09 21:33 - 2012-06-09 21:35 - 297282597 ____A C:\Users\hahaer\Downloads\[SubDESU]_Yozakura_Quartet_Hoshi_no_Umi_-_03_[D2D6A779].mkv
2012-06-09 16:53 - 2012-06-09 16:53 - 00000000 ____D C:\Users\hahaer\AppData\Local\Macromedia
2012-06-06 18:48 - 2012-06-06 18:48 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-06 18:48 - 2012-04-04 17:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-06 18:48 - 2012-04-04 17:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-06 18:39 - 2012-06-06 18:39 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-06 18:39 - 2012-06-06 18:39 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-06 18:39 - 2012-06-06 18:39 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-06 18:39 - 2012-06-06 18:39 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-06 18:39 - 2012-06-06 18:39 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-06 18:38 - 2012-06-06 18:38 - 00000000 ____D C:\Program Files\Java
2012-06-04 11:28 - 2012-06-06 22:11 - 00000000 ____D C:\Users\hahaer\Desktop\Pending
2012-06-03 23:06 - 2012-06-03 23:04 - 310342534 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 07 [7CA72A38].mkv
2012-05-27 20:52 - 2012-05-27 20:58 - 251682715 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 06 [F6C90034].mkv


============ 3 Months Modified Files and Folders =============

2012-06-26 17:57 - 2012-06-26 14:11 - 00000000 ____D C:\FRST
2012-06-26 16:54 - 2012-05-13 11:47 - 01226260 ____A C:\Windows\WindowsUpdate.log
2012-06-26 16:54 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 16:54 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 16:53 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-26 16:51 - 2012-06-26 13:15 - 00000930 ____A C:\Windows\setupact.log
2012-06-26 16:51 - 2011-10-06 12:11 - 00000000 ___RD C:\Users\hahaer\Dropbox
2012-06-26 16:51 - 2011-10-06 12:08 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Dropbox
2012-06-26 16:51 - 2011-10-05 15:53 - 00000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
2012-06-26 16:51 - 2011-08-25 20:35 - 00000000 ____D C:\Users\hahaer\AppData\Local\Digsby
2012-06-26 16:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 16:43 - 2011-10-03 14:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3751065396-3435581585-1394504295-1001UA.job
2012-06-26 15:55 - 2012-04-06 17:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-26 15:25 - 2011-08-25 21:26 - 00000000 ____D C:\Users\hahaer\Downloads\(~)
2012-06-26 15:02 - 2012-06-26 14:16 - 00036326 ____A C:\Users\hahaer\Desktop\FRST.txt
2012-06-26 13:45 - 2012-06-26 13:45 - 00000380 ____A C:\Windows\PFRO.log
2012-06-26 13:37 - 2012-06-26 13:37 - 01425797 ____A C:\Users\hahaer\Desktop\FRST64.exe
2012-06-26 13:27 - 2012-06-26 13:27 - 00000000 ____A C:\Users\hahaer\Desktop\gmer.log
2012-06-26 13:15 - 2012-06-26 13:15 - 00000000 ____A C:\Windows\setuperr.log
2012-06-26 13:14 - 2012-06-26 13:14 - 00000000 ____A C:\Users\hahaer\Desktop\New Text Document.txt
2012-06-26 13:05 - 2012-06-26 13:05 - 00302592 ____A C:\Users\hahaer\Desktop\erybqx5l.exe
2012-06-26 12:54 - 2012-06-26 12:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 12:54 - 2012-06-26 12:54 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Malwarebytes
2012-06-26 12:54 - 2012-06-26 12:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 12:54 - 2012-06-26 12:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 12:50 - 2011-10-06 13:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-26 12:36 - 2012-06-26 12:36 - 00000000 ____D C:\Windows\erdnt
2012-06-26 12:36 - 2012-06-26 12:30 - 00000000 ___SD C:\32788R22FWJFW
2012-06-26 12:30 - 2012-06-26 12:30 - 00000000 ____D C:\Qoobox
2012-06-26 12:29 - 2012-06-26 12:29 - 04569121 ____R (Swearware) C:\Users\hahaer\Desktop\cmbofx.exe
2012-06-26 04:24 - 2011-08-25 21:34 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\foobar2000
2012-06-26 04:23 - 2011-08-25 21:35 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Media Player Classic
2012-06-26 03:44 - 2011-08-25 20:40 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Mozilla
2012-06-26 03:19 - 2012-06-26 03:19 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-26 03:08 - 2012-01-15 18:25 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-26 03:08 - 2011-09-23 11:55 - 00000000 ____D C:\Users\hahaer\AppData\Local\Adobe
2012-06-26 02:36 - 2012-05-20 21:55 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-25 23:37 - 2011-08-25 22:08 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\DAEMON Tools Lite
2012-06-25 23:37 - 2011-08-25 20:34 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\uTorrent
2012-06-25 23:19 - 2012-06-25 23:16 - 00001908 ____A C:\Windows\diagwrn.xml
2012-06-25 23:19 - 2012-06-25 23:16 - 00001908 ____A C:\Windows\diagerr.xml
2012-06-25 22:02 - 2012-06-25 22:01 - 00000000 ____A C:\Windows\SysWOW64\sfc
2012-06-25 21:37 - 2011-11-27 16:35 - 00000000 ____D C:\Program Files (x86)\Everything
2012-06-25 21:15 - 2012-06-25 21:15 - 00133309 ____A C:\Windows\SysWOW64\aaaaaaaaaa.7z
2012-06-25 21:12 - 2012-06-25 21:12 - 00133309 ____A C:\Windows\SysWOW64\arg.7z
2012-06-25 21:12 - 2012-06-25 21:10 - 00000000 ____D C:\Users\hahaer\Desktop\New folder (2)
2012-06-25 21:11 - 2012-06-25 21:11 - 00133309 ____A C:\Windows\SysWOW64\services.7z
2012-06-25 21:08 - 2012-06-25 21:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2012-06-25 21:08 - 2012-06-25 21:08 - 00000000 ____D C:\Users\hahaer\Desktop\New folder
2012-06-25 20:59 - 2009-07-13 21:08 - 00032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-25 20:44 - 2011-10-03 14:35 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3751065396-3435581585-1394504295-1001Core.job
2012-06-25 19:31 - 2012-06-25 19:31 - 00000000 ____D C:\Users\hahaer\AppData\Local\ESET
2012-06-25 13:35 - 2011-08-25 23:12 - 00000000 ____D C:\Users\hahaer\Downloads\Torrents
2012-06-25 02:55 - 2011-08-25 20:34 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-24 21:10 - 2012-03-25 02:50 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\mIRC
2012-06-24 17:22 - 2012-06-24 17:19 - 298815801 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 10 [887B8BB8].mkv
2012-06-24 17:18 - 2012-04-25 14:29 - 00000000 ____D C:\Program Files (x86)\mIRC
2012-06-23 21:54 - 2012-06-23 21:23 - 285377061 ____A C:\Users\hahaer\Downloads\[UTW]_Fate_Zero_-_25_[h264-720p][DEBA6F45].mkv
2012-06-23 14:55 - 2012-04-06 17:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 14:55 - 2011-08-25 20:56 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-23 14:09 - 2011-12-07 16:06 - 00000000 ____D C:\Users\hahaer\Documents\My Games
2012-06-23 13:58 - 2012-06-23 13:58 - 00000000 ____D C:\Program Files (x86)\SQUARE ENIX
2012-06-23 13:25 - 2012-01-16 14:09 - 00000000 ____D C:\Nexon
2012-06-22 22:33 - 2012-06-22 22:21 - 665951450 ____A C:\Users\hahaer\Downloads\[UTW]_Accel_World_-_11_[h264-720p][7D3851F8].mkv
2012-06-22 21:16 - 2011-12-29 18:47 - 00000000 ____D C:\Users\hahaer\Downloads\Touhou lossy music collection
2012-06-21 14:44 - 2012-06-21 14:44 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-06-20 13:16 - 2012-06-15 15:13 - 00000000 ____D C:\KAG
2012-06-20 07:28 - 2012-06-21 14:45 - 04145600 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2012-06-18 15:42 - 2012-06-18 15:42 - 00001338 ____A C:\Users\hahaer\Desktop\PHANTASY STAR ONLINE 2.lnk
2012-06-18 15:30 - 2012-06-18 15:30 - 00000000 ____D C:\Users\hahaer\Documents\SEGA
2012-06-18 15:30 - 2012-06-18 15:30 - 00000000 ____D C:\Program Files (x86)\SEGA
2012-06-18 12:28 - 2012-06-18 12:28 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\SEGA
2012-06-18 11:46 - 2012-04-25 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 00:05 - 2011-08-25 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-17 17:11 - 2012-06-17 17:09 - 244323531 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 09 [9CA138C8].mkv
2012-06-17 13:49 - 2012-06-17 13:44 - 307888933 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_09_[00362F12].mkv
2012-06-17 13:35 - 2012-06-17 13:31 - 296879705 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_08_[B8117C3F].mkv
2012-06-17 12:00 - 2012-06-17 12:00 - 05252792 ____A C:\Users\hahaer\Desktop\new 2.txt
2012-06-17 11:52 - 2012-06-17 11:48 - 263534997 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_07_[929816ED].mkv
2012-06-17 11:46 - 2012-06-17 11:42 - 301250177 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_06_[3BC4F498].mkv
2012-06-17 11:17 - 2012-06-17 11:12 - 313210610 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_10_[939FF9C9].mkv
2012-06-17 02:26 - 2011-10-22 18:12 - 00000000 ____D C:\Users\hahaer\Downloads\DTA
2012-06-15 16:01 - 2011-08-25 20:44 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Skype
2012-06-15 12:38 - 2012-06-15 12:37 - 00000000 ____D C:\Program Files\iTunes
2012-06-15 12:38 - 2012-06-15 12:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-15 12:37 - 2012-06-15 12:37 - 00000000 ____D C:\Program Files\iPod
2012-06-13 11:06 - 2009-07-13 20:45 - 02449208 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 02:16 - 2011-08-31 21:49 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 02:10 - 2011-09-02 23:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-10 20:57 - 2012-06-10 20:49 - 345603864 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 08 [3C5D980E].mkv
2012-06-09 22:47 - 2012-06-09 22:44 - 228396763 ____A C:\Users\hahaer\Downloads\[gg]_Jormungand_-_05v2_[105A7A12].mkv
2012-06-09 22:33 - 2012-06-09 22:28 - 289411955 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 04 [23E4EC17].mkv
2012-06-09 21:35 - 2012-06-09 21:33 - 297282597 ____A C:\Users\hahaer\Downloads\[SubDESU]_Yozakura_Quartet_Hoshi_no_Umi_-_03_[D2D6A779].mkv
2012-06-09 16:53 - 2012-06-09 16:53 - 00000000 ____D C:\Users\hahaer\AppData\Local\Macromedia
2012-06-06 22:11 - 2012-06-04 11:28 - 00000000 ____D C:\Users\hahaer\Desktop\Pending
2012-06-06 18:48 - 2012-06-06 18:48 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-06 18:48 - 2011-09-01 13:12 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-06 18:48 - 2011-09-01 13:12 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-06 18:47 - 2011-09-01 13:12 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-06 18:39 - 2012-06-06 18:39 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-06 18:39 - 2012-06-06 18:39 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-06 18:39 - 2012-06-06 18:39 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-06 18:39 - 2012-06-06 18:39 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-06 18:39 - 2012-06-06 18:39 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-06 18:38 - 2012-06-06 18:38 - 00000000 ____D C:\Program Files\Java
2012-06-05 23:53 - 2011-09-30 08:23 - 00002308 ____A C:\Users\hahaer\.Xauthority
2012-06-05 23:53 - 2011-09-30 08:14 - 00000000 ____D C:\Users\hahaer\.nx
2012-06-05 23:53 - 2011-08-25 20:28 - 00000000 ____D C:\users\hahaer
2012-06-03 23:04 - 2012-06-03 23:06 - 310342534 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 07 [7CA72A38].mkv
2012-06-02 14:19 - 2012-06-22 11:47 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 11:47 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 11:47 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-22 11:47 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 11:47 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 11:47 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 11:47 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 11:47 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-22 11:47 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 16:23 - 2011-10-07 18:54 - 00000000 ____D C:\FrozenSynapse
2012-05-30 16:22 - 2012-02-18 22:06 - 00000000 ____D C:\Program Files (x86)\LOLReplay
2012-05-27 20:58 - 2012-05-27 20:52 - 251682715 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 06 [F6C90034].mkv
2012-05-25 21:26 - 2012-02-21 17:05 - 00000000 ____D C:\Windows\System32\appmgmt
2012-05-25 15:39 - 2012-05-25 15:39 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\offspringfling
2012-05-25 13:06 - 2011-08-25 20:34 - 00000000 ____D C:\Program Files\Defraggler
2012-05-25 08:56 - 2012-05-25 08:56 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-23 16:00 - 2012-05-23 16:00 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\LolClient2
2012-05-23 15:40 - 2012-05-23 15:08 - 00000000 ____D C:\Users\hahaer\Documents\PineappleSmashCrew
2012-05-23 15:08 - 2012-05-23 15:08 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Quest3D
2012-05-21 00:15 - 2012-05-21 00:10 - 237129784 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 05 [9773D745].mkv
2012-05-19 11:47 - 2012-05-19 11:47 - 00000000 ____D C:\Program Files (x86)\Offspring Fling
2012-05-19 11:46 - 2011-08-25 21:11 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\Adobe
2012-05-19 10:42 - 2012-05-19 10:42 - 00000274 ____A C:\Users\Public\Documents\neople_uninstaller0.bat
2012-05-19 00:20 - 2012-05-19 00:10 - 302223534 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 07 [5A95DBAF].mkv
2012-05-19 00:11 - 2012-05-18 23:57 - 274086271 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 06 [7D057758].mkv
2012-05-19 00:07 - 2012-05-18 23:46 - 334528296 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 03 [BDBFA66E].mkv
2012-05-19 00:05 - 2012-05-18 23:47 - 256383937 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 05 [F81E3D11].mkv
2012-05-19 00:03 - 2012-05-18 23:43 - 229637595 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 02 [08DD7C48].mkv
2012-05-18 23:53 - 2012-05-18 23:47 - 245544250 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 04 [108B653A].mkv
2012-05-18 08:56 - 2012-01-31 20:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-18 08:56 - 2012-01-31 20:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 20:01 - 2012-06-12 23:36 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-12 23:36 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-12 23:36 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-12 23:36 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-12 23:36 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 00:04 - 2012-05-13 23:34 - 371279358 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 04 [AA61A624].mkv
2012-05-12 01:26 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-07 00:38 - 2012-05-06 22:24 - 235079370 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 03 [CED1D963].mkv
2012-05-04 03:06 - 2012-06-12 23:36 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 23:36 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 23:36 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 15:22 - 2012-04-10 18:31 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-05-02 15:22 - 2012-04-10 18:31 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-05-01 01:17 - 2012-05-01 01:06 - 314570792 ____A C:\Users\hahaer\Downloads\[Commie] Hyouka - 02v2 [82AF6EF7].mkv
2012-04-29 01:48 - 2012-04-25 23:01 - 318616605 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 03 [D0DFF808].mkv
2012-04-27 21:32 - 2012-06-12 23:35 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-12 23:35 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 23:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 23:36 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 23:36 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 20:44 - 2012-04-25 20:27 - 358673533 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 02 [7AE9CF95].mkv
2012-04-25 20:18 - 2012-04-25 20:05 - 317827251 ____A C:\Users\hahaer\Downloads\[Underwater-rori] Haiyore! Nyarlko-san - 01 [2F4D073C].mkv
2012-04-25 19:01 - 2012-04-25 19:01 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-21 02:05 - 2012-04-21 02:03 - 00000000 ____D C:\Users\hahaer\AppData\Local\Insanely Twisted Shadow Planet
2012-04-20 23:56 - 2012-04-20 23:49 - 486731659 ____A C:\Users\hahaer\Downloads\[gg]_EUREKA_SEVEN_AO_-_01_[946DCCD6].mkv
2012-04-20 23:50 - 2012-04-20 23:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Game Studios
2012-04-20 17:52 - 2012-04-20 17:52 - 00000000 ____D C:\Users\hahaer\Documents\Diablo III
2012-04-20 17:52 - 2012-04-20 17:52 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-19 21:42 - 2012-06-12 23:37 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-12 23:36 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-12 23:36 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-12 23:36 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-12 23:36 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-12 23:36 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-12 23:36 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-12 23:36 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:39 - 2012-04-19 21:39 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-19 21:00 - 2012-06-12 23:36 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-12 23:36 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-12 23:36 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-12 23:36 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-12 23:36 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-12 23:36 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-12 23:36 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-12 23:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-12 23:36 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-12 23:36 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-17 00:27 - 2012-04-17 00:02 - 308787064 ____A C:\Users\hahaer\Downloads\[Underwater-Mahjong] Saki Achiga-hen - Episode of Side-A - 01 (720p) [B7CCC6DF].mkv
2012-04-17 00:09 - 2012-04-16 23:56 - 306605179 ____A C:\Users\hahaer\Downloads\[Underwater-Mahjong] Saki Achiga-hen - Episode of Side-A - 02 (720p) [649CC122].mkv
2012-04-17 00:05 - 2012-01-15 22:01 - 00000132 ____A C:\Users\hahaer\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-04-16 01:12 - 2012-04-16 01:12 - 00000000 ____D C:\Users\hahaer\AppData\Local\Chromium
2012-04-12 19:35 - 2012-04-12 19:23 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\NeopleLauncherDFO
2012-04-10 18:31 - 2011-08-25 21:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-08 18:27 - 2011-08-25 20:34 - 00000000 ____D C:\Program Files (x86)\foobar2000
2012-04-08 17:20 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-04-05 21:33 - 2012-04-05 21:28 - 276981496 ____A C:\Users\hahaer\Downloads\[Commie] Sankarea - 01 [261B2905].mkv
2012-04-04 17:47 - 2012-06-06 18:48 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 17:47 - 2012-06-06 18:48 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 17:47 - 2011-09-01 13:12 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-04 14:56 - 2012-06-26 12:54 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 17:05 - 2011-09-07 21:22 - 00190560 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-03-31 22:24 - 2012-03-31 21:55 - 803456066 ____A C:\Users\hahaer\Downloads\[Commie] Hayate no Gotoku! Heaven is a Place on Earth [BD 720p AAC] [402B8673].mkv
2012-03-31 11:52 - 2011-08-25 20:42 - 00111208 ____A C:\Users\hahaer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-30 22:53 - 2012-03-30 22:39 - 00000000 ____D C:\FALCOM
2012-03-30 22:51 - 2012-03-30 22:39 - 00000000 ____D C:\Users\hahaer\AppData\Roaming\FALCOM
2012-03-30 03:35 - 2012-05-11 18:17 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}\L
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}\U

ZeroAccess:
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f}
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f}\@
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f}\L
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 4060.8 MB
Available physical RAM: 3398.22 MB
Total Pagefile: 4058.95 MB
Available Pagefile: 3389.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:26.68 GB) NTFS
3 Drive f: () (Removable) (Total:3.78 GB) (Free:0.56 GB) NTFS
4 Drive g: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3875 MB 0 B
Disk 2 Online 963 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3871 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 3871 MB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 963 MB 0 B

======================================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-06-21 18:15

======================= End Of Log ==========================

 

[Broni]

Very good

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

 

[hahaer]

Here is the Search.txt as follows:

Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 2012-06-26 18:18:05
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\SysWOW64\services.exe
[2012-06-25 21:09] - [2012-06-25 21:08] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[hahaer]

Here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
Ran by SYSTEM at 2012-06-26 18:41:54 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f} moved successfully.
C:\Users\hahaer\AppData\Local\{8901515f-711c-e931-238d-a29e2e62ce2f} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

 

[hahaer]

Combofix stalled and failed to create a log file after rebooting, however it successfully ran. At this point, I'm wondering if I should rerun combofix, or shall I follow an alternative?

 

[Broni]

Check for C:\ComboFix.txt
If it's not there re-run Combofix.

 

[hahaer]

There was a ComboFix.txt in C:\Combofix\ , maybe this is what you were looking for? I'll go ahead and rerun combofix.

ComboFix 12-06-26.02 - hahaer 06/26/2012 18:52:00.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.2630 [GMT -7:00]
Running from: C:\Users\hahaer\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\apppatch\AppLoc.exe
C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}\@
C:\Windows\Installer\{8901515f-711c-e931-238d-a29e2e62ce2f}\U\800000cb.@
C:\Windows\security\Database\tmp.edb


((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))


2012-06-27 02:00:21 . 2012-06-27 02:00:21 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-26 11:19:35 . 2012-06-26 11:19:35 -------- d-----w- C:\Users\hahaer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-26 05:09:20 . 2012-06-26 05:08:11 328704 ----a-w- C:\Windows\SysWow64\services.exe
2012-06-26 03:31:22 . 2012-06-26 03:31:22 -------- d-----w- C:\Users\hahaer\AppData\Local\ESET
2012-06-23 21:58:49 . 2012-06-23 21:58:49 -------- d-----w- C:\Program Files (x86)\SQUARE ENIX
2012-06-22 19:50:59 . 2012-05-31 04:04:02 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DAD2CAA-0940-4785-A8F9-7FDB2BD5A775}\mpengine.dll
2012-06-22 19:47:39 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-22 19:47:39 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-22 19:47:39 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-22 19:47:39 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-22 19:47:23 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-22 19:47:23 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-22 19:47:23 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-22 19:47:10 . 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-22 19:47:10 . 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-21 22:45:03 . 2012-06-20 15:28:03 4145600 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-06-21 22:44:22 . 2012-06-21 22:44:22 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-06-18 23:30:42 . 2012-06-18 23:30:42 -------- d-----w- C:\Program Files (x86)\SEGA
2012-06-18 20:28:11 . 2012-06-18 20:28:11 -------- d-----w- C:\Users\hahaer\AppData\Roaming\SEGA
2012-06-15 23:13:03 . 2012-06-20 21:16:42 -------- d-----w- C:\KAG
2012-06-15 20:37:04 . 2012-06-15 20:38:11 -------- d-----w- C:\Program Files\iTunes
2012-06-15 20:37:04 . 2012-06-15 20:38:11 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-15 20:37:04 . 2012-06-15 20:37:04 -------- d-----w- C:\Program Files\iPod
2012-06-13 07:35:57 . 2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\system32\rdpcorets.dll
2012-06-13 07:35:56 . 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-06-10 00:53:17 . 2012-06-10 00:53:17 -------- d-----w- C:\Users\hahaer\AppData\Local\Macromedia
2012-06-07 02:50:29 . 2012-06-07 02:50:29 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2012-06-07 02:48:44 . 2012-06-07 02:48:44 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-07 02:48:17 . 2012-04-05 01:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-07 02:39:40 . 2012-06-07 02:39:00 955848 ----a-w- C:\Windows\system32\npDeployJava1.dll
2012-06-07 02:39:40 . 2012-06-07 02:39:00 839112 ----a-w- C:\Windows\system32\deployJava1.dll
2012-06-07 02:38:57 . 2012-06-07 02:38:57 -------- d-----w- C:\Program Files\Java
2012-06-07 02:29:51 . 2012-06-18 08:05:27 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 02:29:51 . 2012-06-18 08:05:27 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-27 02:01:48 . 2011-10-05 23:53:43 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-06-23 22:55:15 . 2012-04-07 01:33:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 22:55:15 . 2011-08-26 04:56:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 03:56:30 . 2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 . 2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-05 01:47:02 . 2011-09-01 21:12:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 . 2012-05-12 02:17:47 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\hahaer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\hahaer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\hahaer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\hahaer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 00:49:58 336384]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 02:36:46 30040]
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 00:46:10 1159168]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 03:06:18 59280]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 21:37:14 517096]
"AdobeCS5.5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 15:08:56 1523360]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 03:56:22 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 02:33:22 421776]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 22:56:38 462408]

C:\Users\hahaer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe [2010-3-3 141488]
Dropbox.lnk - C:\Users\hahaer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe [2011-8-25 380928]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe [2011-9-18 102912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 22:55:15 250056]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys [2010-04-20 00:04:44 12032]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys [2010-03-23 23:37:34 12032]
R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys [2011-08-01 23:59:06 52584]
R3 EagleX64;EagleX64;C:\Windows\system32\drivers\EagleX64.sys [x]
R3 MlCyMon;Device Driver for MUSILAND Monitor Series(USB);C:\Windows\system32\Drivers\MlCyMon.sys [2011-06-29 16:52:46 403312]
R3 MlCyMonBus;Bus Driver for MUSILAND Monitor Series(USB);C:\Windows\system32\Drivers\MlCyMonBus.sys [2011-06-29 16:52:48 29808]
R3 MlCyMonFW;Firmware Driver for MUSILAND Monitor Series(USB);C:\Windows\system32\Drivers\MlCyMonFW.sys [2011-06-29 16:52:48 33904]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 08:05:27 113120]
R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [2011-08-01 23:59:06 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 21:37:14 517096]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 11:47:20 3027840]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 19:01:50 52736]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-26 04:42:23 1255736]
R4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-07-28 21:35:34 204288]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-26 06:09:28 270912]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 22:04:06 141264]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-02-15 16:01:48 19968]
S2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 22:04:06 170640]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 23:41:42 810144]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 20:47:38 125296]
S2 Firefox Service;Firefox Service;C:\Users\hahaer\AppData\Roaming\Mozilla\Firefox\Profiles\pjy1v7h8.default\extensions\startup.service@mozilla.com\svc.exe [2011-03-10 00:07:10 83456]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 22:56:40 654408]
S2 MlCyMonS;MUSILAND Monitor Series(USB) CPL Daemon;C:\Windows\SysWOW64\MlCyMonS.exe [2011-06-26 23:55:48 64512]
S2 SW2SVC;SecureW2 Service;C:\Program Files (x86)\SecureW2\sw2_service.exe [2010-11-05 18:29:32 119176]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-28 22:23:16 9980416]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-28 20:54:10 309248]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-04-04 22:56:40 24904]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys [2011-11-11 02:32:02 115272]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 20:35:28 5434368]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 14:34:52 539240]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 15:53:01 35112]
S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys [2010-10-01 07:16:34 13312]


Contents of the 'Scheduled Tasks' folder

2012-06-27 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:33:33 . 2012-06-23 22:55:15]

2012-06-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3751065396-3435581585-1394504295-1001Core.job
- C:\Users\hahaer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 00:17:53 . 2012-01-24 00:17:51]

2012-06-27 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3751065396-3435581585-1394504295-1001UA.job
- C:\Users\hahaer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 00:17:53 . 2012-01-24 00:17:51]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\hahaer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\hahaer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\hahaer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\hahaer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-25 18:44:44 8067616]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 23:41:26 2918656]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 23:59:06 2417032]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 01:42:18 499608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

 

[Broni]

Go ahead and re-run it.
The above is only a partial log.

 

[hahaer]

Is it customary for Combofix to take upwards to 2 hours to finish?

 

[Broni]

It may.

 

[hahaer]

After numerous attempts to produce a log, in safe mode and not, with rkill or not, Combofix eternally says that it is preparing a log file after several hours. Antivirus isn't saying anything and Malwarebytes says nothing after scans. My services.exe seems restored, so it seems the threat is over.

 

[Broni]

Any current issues?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[hahaer]

OTL freezes up when the status bar states that it is scanning Firefox settings. No browsers or other significant programs are open. orz

 

[Broni]

Run the scan from safe mode.