I have encountered the same problem many people are getting due to a botched removal of Live Security Platinum. I tried to do a quick and dirty removal without using instructions. I used Malwarebytes to remove Live Security Platinum and then reinstalled MSE to get it working again. MSE found three viruses without a scan: Sirefef, Sirefef.W and Sirefef.Y. It removed them and then found two more after reboot, and now a pop-up always occurs telling me a critical error occurred and my computer shuts down after 60 seconds. That is too short for a successful system restore, and all modes give me the same error and restart. Would it be possible for you to provide me with a fixlist.txt for my system? I have the logs required.
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 15:04:37
Running from N:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2093128 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4271688 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1609296 2010-06-25] (Logitech, Inc.)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Administrator\...\Run: [Steam] "Z:\Program Files (x86)\Steam\steam.exe" -silent [x]
HKU\Administrator\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Administrator\...\Run: [AdobeBridge] [x]
HKU\Administrator\...\Run: [igndlm.exe] Z:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork [x]
HKU\Administrator\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\shalafi\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.31
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ======
3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-10] ()
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-04-02] ()
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-27] ()
2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
3 DAUpdaterSvc; C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x]
========================== Drivers (Whitelisted) =============
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-13] (DT Soft Ltd)
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
3 ivusb; C:\Windows\System32\Drivers\ivusb.sys [29720 2010-07-28] (Initio Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 prwntdrv; \??\C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-06-13] (Duplex Secure Ltd.)
3 WaveATSC; C:\Windows\System32\Drivers\WaveATSC.sys [499584 2007-04-28] (Lumanate, Inc.)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-29 07:07 - 2012-07-29 07:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72355804D77ADF35
2012-07-29 07:03 - 2012-07-29 07:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A196D2EFFE1733A8
2012-07-29 06:53 - 2012-07-29 06:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.945172E846B5B583
2012-07-29 06:53 - 2012-07-29 06:53 - 00000000 ___SD C:\32788R22FWJFW
2012-07-29 06:53 - 2012-07-29 06:53 - 00000000 ____D C:\Windows\erdnt
2012-07-29 06:53 - 2012-07-29 06:53 - 00000000 ____D C:\Qoobox
2012-07-29 06:52 - 2012-07-29 06:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\{F5547337-3B74-48DF-919F-126D1B1DCA25}
2012-07-29 06:52 - 2012-07-29 06:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0919A863-EE21-43B4-849A-C0857B5F30C5}
2012-07-29 06:52 - 2012-07-29 06:30 - 04721417 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2012-07-28 15:06 - 2012-07-28 15:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.44867F13738C5841
2012-07-28 15:00 - 2012-07-28 15:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E08BBB66C628BFA
2012-07-28 14:58 - 2012-07-28 14:58 - 00001058 ____A C:\Users\Administrator\Desktop\AVATAR.txt
2012-07-28 14:51 - 2012-07-28 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.470471182201D2C2
2012-07-28 14:43 - 2012-07-28 14:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A5392B37A51A05A
2012-07-28 14:22 - 2012-07-28 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B61A18C646B9B9C8
2012-07-28 14:15 - 2012-07-28 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AA4A9FF14A1F4DE
2012-07-28 14:03 - 2012-07-28 14:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.005B5C1391276AA1
2012-07-28 13:59 - 2012-07-28 13:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14E8BFD053279AE2
2012-07-28 13:54 - 2012-07-28 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F11B02179057CCB
2012-07-28 13:54 - 2012-07-28 13:54 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wadhclfa.sys
2012-07-28 13:42 - 2012-07-28 13:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48A34DB58512BCE8
2012-07-28 13:34 - 2012-07-28 13:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6FE39B408180DA6B
2012-07-28 13:28 - 2012-07-28 13:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-28 13:28 - 2012-07-28 13:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-28 13:23 - 2012-07-28 13:23 - 12621696 ____A (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe
2012-07-28 13:00 - 2012-07-28 13:00 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-28 13:00 - 2012-07-28 13:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-28 13:00 - 2012-07-28 13:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-07-28 13:00 - 2012-07-28 13:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-28 13:00 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-28 12:04 - 2012-07-28 12:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-28 12:01 - 2012-07-28 12:03 - 00000000 ____D C:\Users\All Users\7531CC962B17D97900440347F875EF60
2012-07-28 12:01 - 2012-07-28 12:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Skyrim
2012-07-28 11:48 - 2012-07-28 11:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\{ADFA37F8-C64F-4112-B79E-44216ED375CE}
2012-07-28 11:48 - 2012-07-28 11:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A019623B-C610-4A5B-B7A8-EFC211FF5CF4}
2012-07-26 05:47 - 2012-07-26 05:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\{DA9A1E41-05CA-40DF-8872-00D78A740CAF}
2012-07-26 05:46 - 2012-07-26 05:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A3F618C2-72CE-4AEE-91A8-1B8D27391162}
2012-07-25 16:38 - 2012-07-25 16:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\{46346312-BEF5-4F96-B123-9F2053BF0384}
2012-07-25 04:37 - 2012-07-25 16:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\{669DCAD3-3397-4049-A112-93D359C93ADF}
2012-07-25 04:37 - 2012-07-25 04:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0B0E936E-0B69-4726-9BDA-CBBF0971F58A}
2012-07-23 10:37 - 2012-07-23 10:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\{19313D37-9C0D-4051-9C61-0ACD6F2340A0}
2012-07-23 10:36 - 2012-07-23 10:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0FB33F07-69A7-4581-8FE4-A50876D79F9C}
2012-07-18 06:31 - 2012-07-29 10:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 06:31 - 2012-07-18 06:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\{D8A82060-DB89-46FA-84B8-29C274D4AC99}
2012-07-18 06:31 - 2012-07-18 06:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\{37007E9A-C58A-4E0E-8896-42500F9EFCA2}
2012-07-14 05:14 - 2012-07-14 05:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\{3AABCB82-0EA1-4FE1-A006-4348EF10C49F}
2012-07-14 05:13 - 2012-07-14 05:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A7388844-520E-4CA7-8C42-AEED6C2F40A7}
2012-07-13 17:13 - 2012-07-13 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{720BB913-3B2D-48AD-8645-6897775B4677}
2012-07-13 17:13 - 2012-07-13 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{05DFBA4B-8030-4731-868D-4593341E03DE}
2012-07-13 05:13 - 2012-07-13 05:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{E2C5DCB0-CC4F-49C1-ACFA-CD3B7ED6ACA5}
2012-07-13 05:12 - 2012-07-13 05:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{AD24AD47-A651-4361-9248-A72C1F6899D1}
2012-07-12 17:12 - 2012-07-12 17:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{AC4DE5B1-4BA2-4DCC-9050-9D7CBA42BD97}
2012-07-12 17:12 - 2012-07-12 17:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{3C0F1B49-634B-41F5-B6CF-D6643CD6D5AE}
2012-07-12 06:18 - 2012-07-12 06:18 - 00000716 ____A C:\Users\Administrator\Desktop\Dungeons & Dragons Online® Eberron Unlimited™.lnk
2012-07-12 05:14 - 2012-07-12 05:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2012-07-12 05:12 - 2012-07-12 05:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{C970C4CE-76AC-494D-A9C2-D3068438F862}
2012-07-12 05:11 - 2012-07-12 05:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{AC11CB3E-023C-4111-B09E-794B26F709FC}
2012-07-10 23:08 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 23:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 23:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 23:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 23:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 23:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 23:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 23:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 23:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 23:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 23:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 23:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 23:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 23:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 23:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 23:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 23:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 23:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 23:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 23:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 23:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 23:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 23:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 23:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 23:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 23:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 23:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 23:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 23:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 20:13 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 20:13 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 20:13 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 20:13 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 20:13 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 20:13 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 20:13 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 20:13 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 20:13 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 20:13 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 20:13 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 20:12 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 20:12 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 20:12 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 20:12 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 20:12 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 20:12 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 20:12 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 20:12 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 16:50 - 2012-07-10 16:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{C192F10E-B35D-4BF6-B4F1-946CE2B81BE1}
2012-07-10 16:50 - 2012-07-10 16:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{BC456839-A3A3-4588-9147-F4BECBD5788E}
2012-07-10 04:50 - 2012-07-10 04:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0AAE9C15-D10F-4864-B17E-5A189B903510}
2012-07-10 04:49 - 2012-07-10 04:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{6E447979-92B8-4361-BB09-F6DFE277859A}
2012-07-09 16:49 - 2012-07-09 16:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{BB1701F9-DD21-4993-A200-CD70A81B452A}
2012-07-09 16:49 - 2012-07-09 16:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{3257A2AC-B2F1-40A7-A5F2-02A584DC982B}
2012-07-09 04:49 - 2012-07-09 04:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{48370767-14AA-406E-B6E2-20798F3602B5}
2012-07-09 04:46 - 2012-07-09 04:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{982382CC-1947-4D11-8F73-8E42CB81DD50}
============ 3 Months Modified Files ========================
2012-07-29 10:47 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-29 10:45 - 2012-07-18 06:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-29 10:45 - 2010-11-16 14:43 - 00022462 ____A C:\Windows\setupact.log
2012-07-29 10:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-29 07:07 - 2012-07-29 07:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72355804D77ADF35
2012-07-29 07:07 - 2012-04-08 13:08 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-29 07:07 - 2011-05-17 17:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-29 07:03 - 2012-07-29 07:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A196D2EFFE1733A8
2012-07-29 06:53 - 2012-07-29 06:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.945172E846B5B583
2012-07-29 06:30 - 2012-07-29 06:52 - 04721417 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2012-07-28 15:06 - 2012-07-28 15:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.44867F13738C5841
2012-07-28 15:00 - 2012-07-28 15:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E08BBB66C628BFA
2012-07-28 14:58 - 2012-07-28 14:58 - 00001058 ____A C:\Users\Administrator\Desktop\AVATAR.txt
2012-07-28 14:51 - 2012-07-28 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.470471182201D2C2
2012-07-28 14:51 - 2010-01-08 00:48 - 01870624 ____A C:\Windows\WindowsUpdate.log
2012-07-28 14:43 - 2012-07-28 14:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A5392B37A51A05A
2012-07-28 14:22 - 2012-07-28 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B61A18C646B9B9C8
2012-07-28 14:15 - 2012-07-28 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AA4A9FF14A1F4DE
2012-07-28 14:03 - 2012-07-28 14:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.005B5C1391276AA1
2012-07-28 13:59 - 2012-07-28 13:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14E8BFD053279AE2
2012-07-28 13:54 - 2012-07-28 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F11B02179057CCB
2012-07-28 13:54 - 2012-07-28 13:54 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wadhclfa.sys
2012-07-28 13:42 - 2012-07-28 13:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48A34DB58512BCE8
2012-07-28 13:41 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-28 13:41 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-28 13:34 - 2012-07-28 13:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6FE39B408180DA6B
2012-07-28 13:29 - 2011-01-28 19:51 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-28 13:29 - 2010-01-09 17:03 - 00763096 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-28 13:23 - 2012-07-28 13:23 - 12621696 ____A (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe
2012-07-28 13:20 - 2009-07-13 21:13 - 00747184 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-28 13:15 - 2010-01-08 06:04 - 00021214 ____A C:\Windows\PFRO.log
2012-07-28 13:00 - 2012-07-28 13:00 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-28 12:00 - 2010-01-08 06:20 - 00878841 ____A C:\Windows\DirectX.log
2012-07-12 06:18 - 2012-07-12 06:18 - 00000716 ____A C:\Users\Administrator\Desktop\Dungeons & Dragons Online® Eberron Unlimited™.lnk
2012-07-10 23:26 - 2009-07-13 20:45 - 03024824 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:07 - 2009-07-13 18:34 - 00000512 ____A C:\Windows\win.ini
2012-07-10 23:03 - 2010-01-08 05:59 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-04 12:32 - 2010-04-16 16:06 - 00002000 ___AH C:\Users\Administrator\Documents\Default.rdp
2012-07-03 09:46 - 2012-07-28 13:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-22 10:55 - 2012-06-22 10:57 - 00399932 ____A C:\o-Demonoid.me-o_20th_Century_Romance.torrent
2012-06-13 09:17 - 2012-06-13 09:17 - 00001791 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 08:01 - 2012-06-13 08:01 - 00000222 ____A C:\Users\Administrator\Desktop\Sins of a Solar Empire Rebellion.url
2012-06-13 07:47 - 2012-06-13 07:47 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-06-13 07:42 - 2012-06-13 07:42 - 00001958 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-06-13 07:41 - 2010-01-08 19:58 - 00560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-06-11 19:08 - 2012-07-10 23:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 20:13 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 20:13 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 20:13 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 20:13 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 20:12 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 20:13 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 20:13 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 20:12 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-20 21:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 21:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 21:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 21:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 21:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 21:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 21:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 21:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-20 21:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 23:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 23:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 23:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 23:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 23:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 23:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 23:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 23:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 23:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 23:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 23:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 23:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 23:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 23:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 20:13 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 20:12 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 20:12 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 20:13 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 20:13 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 20:12 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 20:12 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 20:12 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 20:12 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2010-01-08 05:46 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-22 04:40 - 2012-05-22 04:40 - 00001853 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-19 06:09 - 2012-05-19 06:08 - 00011776 __ASH C:\Thumbs.db
2012-05-17 11:10 - 2012-05-17 11:10 - 01076328 ____A C:\Scan0012-2.psd
2012-05-17 11:07 - 2012-05-17 11:05 - 01075464 ____A C:\Scan0012-1.psd
2012-05-12 09:00 - 2012-05-12 09:00 - 00001359 ____A C:\Users\Public\Desktop\EASEUS Partition Recovery 5.0.1.lnk
2012-05-12 08:59 - 2012-05-12 08:59 - 08785352 ____A (EASEUS ) C:\Users\Administrator\Downloads\partition_recovery.exe
2012-05-12 08:59 - 2012-05-12 08:59 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_partition_recovery_exe.exe
2012-05-12 06:34 - 2012-05-12 06:33 - 28461576 ____A (R-Tools Technology Inc.) C:\Users\Administrator\Downloads\rs64_en_5 (1).exe
2012-05-11 19:10 - 2012-05-11 19:03 - 05595920 ____A (EASEUS ) C:\Users\Administrator\Downloads\drw_free.exe
2012-05-11 19:09 - 2012-05-11 19:08 - 01743056 ____A (QueTek Consulting Corporation) C:\Users\Administrator\Downloads\32fsu40.exe
2012-05-11 18:56 - 2012-05-11 18:56 - 00002283 ____A C:\Users\Public\Desktop\Advanced Disk Recovery.lnk
2012-05-11 18:54 - 2012-05-11 18:55 - 04494872 ____A (Systweak Inc ) C:\Users\Administrator\Downloads\adrsetup.exe
2012-05-11 18:54 - 2012-05-11 18:54 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_adrsetup_exe.exe
2012-05-11 18:52 - 2012-05-11 18:50 - 28461576 ____A (R-Tools Technology Inc.) C:\Users\Administrator\Downloads\rs64_en_5.exe
2012-05-04 23:46 - 2012-05-04 23:46 - 00000652 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-04 23:34 - 2012-05-04 23:34 - 00215032 ____A C:\Users\Administrator\Downloads\Jack_Campbell_-_[The_Lost_Fleet_08_-_Beyond_the_Frontier_02].exe
2012-05-04 23:34 - 2012-05-04 23:34 - 00000915 ____A C:\Users\Administrator\Downloads\Jack_Campbell_[The_Lost_Fleet_08_Beyond_the_Frontier_02]_Invincible_(v5_0)_(ePub_MOBI)-(Demonoid.me).torrent
2012-05-04 03:06 - 2012-06-13 08:04 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 08:04 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 08:04 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 08:04 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 08:04 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 18:38 - 2012-05-01 18:38 - 00000263 ____A C:\Users\Administrator\Documents\wtx-500b3-3-01b.log
2012-05-01 18:03 - 2012-05-01 18:01 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2012-05-01 18:03 - 2012-05-01 18:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2012-05-01 18:01 - 2012-05-01 18:01 - 00001619 ____A C:\Windows\ST6UNST.000
2012-05-01 18:00 - 2012-05-01 18:00 - 05434782 ____A C:\Users\Administrator\Downloads\sfrm0100.exe
ZeroAccess:
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\@
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\L
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\00000001.@
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\80000000.@
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\800000cb.@
ZeroAccess:
C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}
C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\@
C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\L
C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 6143.12 MB
Available physical RAM: 5350.51 MB
Total Pagefile: 6141.32 MB
Available Pagefile: 5350.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: (Windows7) (Fixed) (Total:350 GB) (Free:213.68 GB) NTFS
3 Drive d: (Vista) (Fixed) (Total:465.76 GB) (Free:354.18 GB) NTFS
4 Drive f: (Data2) (Fixed) (Total:1047.26 GB) (Free:288.34 GB) NTFS
6 Drive h: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
9 Drive k: (Data) (Fixed) (Total:698.63 GB) (Free:510.23 GB) NTFS
12 Drive n: () (Removable) (Total:0.48 GB) (Free:0.44 GB) FAT
13 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
14 Drive y: (XPPro) (Fixed) (Total:465.75 GB) (Free:240.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 9 MB
Disk 1 Online 698 GB 0 B *
Disk 2 Online 465 GB 0 B
Disk 3 Online 1397 GB 1024 KB
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B
Disk 8 Online 494 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 Y XPPro NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 698 GB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 42
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
==================================================================================
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Vista NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 350 GB 1024 KB
Partition 2 Primary 1047 GB 350 GB
==================================================================================
Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C Windows7 NTFS Partition 350 GB Healthy
==================================================================================
Disk: 3
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 F Data2 NTFS Partition 1047 GB Healthy
==================================================================================
Partitions of Disk 8:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 493 MB 16 KB
==================================================================================
Disk: 8
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 11 N FAT Removable 493 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-18 07:56
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 15:06:30
Running from N:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-29 10:47] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
2012-06-05 22:02 - 2012-07-10 20:12 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 20:13 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 20:13 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 20:12 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-20 21:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 21:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 21:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 21:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 21:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 21:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 21:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 21:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-20 21:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 23:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 23:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 23:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 23:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 23:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 23:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 23:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 23:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 23:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 23:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 23:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 23:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 23:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 23:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 20:13 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 20:12 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 20:12 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 20:13 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 20:13 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 20:12 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 20:12 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 20:12 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 20:12 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2010-01-08 05:46 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-22 04:40 - 2012-05-22 04:40 - 00001853 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-19 06:09 - 2012-05-19 06:08 - 00011776 __ASH C:\Thumbs.db
2012-05-17 11:10 - 2012-05-17 11:10 - 01076328 ____A C:\Scan0012-2.psd
2012-05-17 11:07 - 2012-05-17 11:05 - 01075464 ____A C:\Scan0012-1.psd
2012-05-12 09:00 - 2012-05-12 09:00 - 00001359 ____A C:\Users\Public\Desktop\EASEUS Partition Recovery 5.0.1.lnk
2012-05-12 08:59 - 2012-05-12 08:59 - 08785352 ____A (EASEUS ) C:\Users\Administrator\Downloads\partition_recovery.exe
2012-05-12 08:59 - 2012-05-12 08:59 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_partition_recovery_exe.exe
2012-05-12 06:34 - 2012-05-12 06:33 - 28461576 ____A (R-Tools Technology Inc.) C:\Users\Administrator\Downloads\rs64_en_5 (1).exe
2012-05-11 19:10 - 2012-05-11 19:03 - 05595920 ____A (EASEUS ) C:\Users\Administrator\Downloads\drw_free.exe
2012-05-11 19:09 - 2012-05-11 19:08 - 01743056 ____A (QueTek Consulting Corporation) C:\Users\Administrator\Downloads\32fsu40.exe
2012-05-11 18:56 - 2012-05-11 18:56 - 00002283 ____A C:\Users\Public\Desktop\Advanced Disk Recovery.lnk
2012-05-11 18:54 - 2012-05-11 18:55 - 04494872 ____A (Systweak Inc ) C:\Users\Administrator\Downloads\adrsetup.exe
2012-05-11 18:54 - 2012-05-11 18:54 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_adrsetup_exe.exe
2012-05-11 18:52 - 2012-05-11 18:50 - 28461576 ____A (R-Tools Technology Inc.) C:\Users\Administrator\Downloads\rs64_en_5.exe
2012-05-04 23:46 - 2012-05-04 23:46 - 00000652 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-04 23:34 - 2012-05-04 23:34 - 00215032 ____A C:\Users\Administrator\Downloads\Jack_Campbell_-_[The_Lost_Fleet_08_-_Beyond_the_Frontier_02].exe
2012-05-04 23:34 - 2012-05-04 23:34 - 00000915 ____A C:\Users\Administrator\Downloads\Jack_Campbell_[The_Lost_Fleet_08_Beyond_the_Frontier_02]_Invincible_(v5_0)_(ePub_MOBI)-(Demonoid.me).torrent
2012-05-04 03:06 - 2012-06-13 08:04 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 08:04 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 08:04 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 08:04 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 08:04 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 18:38 - 2012-05-01 18:38 - 00000263 ____A C:\Users\Administrator\Documents\wtx-500b3-3-01b.log
2012-05-01 18:03 - 2012-05-01 18:01 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2012-05-01 18:03 - 2012-05-01 18:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2012-05-01 18:01 - 2012-05-01 18:01 - 00001619 ____A C:\Windows\ST6UNST.000
2012-05-01 18:00 - 2012-05-01 18:00 - 05434782 ____A C:\Users\Administrator\Downloads\sfrm0100.exe
ZeroAccess:
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\@
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\L
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\00000001.@
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\80000000.@
C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\800000cb.@
ZeroAccess:
C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}
C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\@
C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\L
C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 6143.12 MB
Available physical RAM: 5350.51 MB
Total Pagefile: 6141.32 MB
Available Pagefile: 5350.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: (Windows7) (Fixed) (Total:350 GB) (Free:213.68 GB) NTFS
3 Drive d: (Vista) (Fixed) (Total:465.76 GB) (Free:354.18 GB) NTFS
4 Drive f: (Data2) (Fixed) (Total:1047.26 GB) (Free:288.34 GB) NTFS
6 Drive h: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
9 Drive k: (Data) (Fixed) (Total:698.63 GB) (Free:510.23 GB) NTFS
12 Drive n: () (Removable) (Total:0.48 GB) (Free:0.44 GB) FAT
13 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
14 Drive y: (XPPro) (Fixed) (Total:465.75 GB) (Free:240.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB     9 MB
Disk 1    Online          698 GB      0 B   *
Disk 2    Online          465 GB      0 B
Disk 3    Online         1397 GB  1024 KB
Disk 4    No Media           0 B      0 B
Disk 5    No Media           0 B      0 B
Disk 6    No Media           0 B      0 B
Disk 7    No Media           0 B      0 B
Disk 8    Online          494 MB      0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    Y    XPPro        NTFS   Partition    465 GB  Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 698 GB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 42
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
==================================================================================
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    D    Vista        NTFS   Partition    465 GB  Healthy
==================================================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 350 GB 1024 KB
Partition 2 Primary 1047 GB 350 GB
==================================================================================
Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5    C    Windows7     NTFS   Partition    350 GB  Healthy
==================================================================================
Disk: 3
Partition 2
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6    F    Data2        NTFS   Partition   1047 GB  Healthy
==================================================================================
Partitions of Disk 8:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 493 MB 16 KB
==================================================================================
Disk: 8
Partition 1
Type : 06
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 11   N                 FAT    Removable    493 MB  Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-18 07:56
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 15:06:30
Running from N:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-29 10:47] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======