
Computer acting up frequently

Discussion in 'Virus & Other Malware Removal' started by Kourosh321, Jan 14, 2013.

  1. Kourosh321

    Kourosh321 Thread Starter

    My computer seems to be having a number of issues. I'm led to believe that it has some type of malware or virus that I haven't been able to find. Recently it has not been starting Windows and would keep asking me to do a system restore, or it would just blue screen and I would have to restart it. Another issue I kept noticing was that when I would leave for a little bit, I would come back to see that Shockwave plugins have crashed, but it made my computer freeze. I'm not exactly sure what's going on, but I would like to refrain from reformatting the whole system.

    Some help would be greatly appreciated. Thank you!
    Here are the logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:48:33 PM, on 1/14/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
    O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Kourosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
    O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11806 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Kourosh at 14:53:31 on 2013-01-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.5877 [GMT -8:00]
    .
    AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
    FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\ATT-SST\pcTrayApp.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kourosh\Downloads\HijackThis.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    uRun: [Google Update] "C:\Users\Kourosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
    mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: $talisma_url$
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{ED9BD151-2AC7-4D8B-8E41-908C4A0D5AEE} : DHCPNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
    x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2012-3-20 705552]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-7-29 21104]
    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 93160]
    R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
    R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2010-1-19 103944]
    R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-7-29 68136]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-12 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-12 682344]
    R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-11-12 361472]
    R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-11-12 441344]
    R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-11-12 342016]
    R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 67904]
    R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384]
    R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2010-11-4 493384]
    R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-1-12 261056]
    R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2012-2-17 587024]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-12 24176]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-29 413800]
    R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2012-11-6 22016]
    R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-11-6 113664]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 bdsandbox;bdsandbox;C:\Windows\System32\drivers\bdsandbox.sys [2011-11-17 79952]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
    S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-7-29 30528]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-9-10 75384]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-30 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-14 21:28:41 -------- d-----w- C:\Users\Kourosh\AppData\Local\Razer
    2013-01-13 08:00:03 -------- d-----w- C:\Users\Kourosh\AppData\Roaming\Malwarebytes
    2013-01-13 07:59:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-13 07:59:33 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-13 07:59:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-13 07:59:07 -------- d-----w- C:\Users\Kourosh\AppData\Local\Programs
    2013-01-13 07:58:12 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
    2013-01-12 08:08:50 -------- d-----w- C:\Program Files (x86)\World of Warcraft
    2013-01-10 11:26:54 -------- d-sh--w- C:\found.001
    2013-01-09 19:45:38 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 19:45:38 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 18:44:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-09 18:44:52 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-12-21 11:00:27 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 11:00:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 11:00:26 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 11:00:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-18 05:32:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-18 05:32:14 -------- d-----w- C:\Program Files\iTunes
    2012-12-18 05:32:14 -------- d-----w- C:\Program Files\iPod
    2012-12-18 05:32:14 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2013-01-14 22:41:14 25640 ----a-w- C:\Windows\gdrv.sys
    2013-01-13 07:56:21 587024 ----a-w- C:\Windows\System32\drivers\avckf.sys
    2013-01-13 07:56:15 705552 ----a-w- C:\Windows\System32\drivers\avc3.sys
    2013-01-09 09:03:33 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 09:03:33 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-15 01:44:52 56320 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
    2012-11-15 01:44:52 148480 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
    2012-11-15 01:44:48 617472 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-08 19:33:26 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-08 19:33:26 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-11-08 19:33:26 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-07 07:49:46 22016 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
    2012-11-07 07:49:46 113664 ----a-w- C:\Windows\System32\drivers\rzudd.sys
    2012-11-07 07:47:02 182272 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    .
    ============= FINISH: 14:53:59.41 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/29/2012 9:50:33 AM
    System Uptime: 1/14/2013 2:40:09 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-990FXA-UD3
    Processor: AMD FX(tm)-4170 Quad-Core Processor | Socket M2 | 4200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 348.102 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP50: 12/21/2012 3:00:11 AM - Windows Update
    RP49: 12/29/2012 12:03:02 AM - Scheduled Checkpoint
    RP50: 1/1/2013 9:03:28 PM - Installed QuickTime
    RP51: 1/3/2013 3:00:15 AM - Windows Update
    RP52: 1/10/2013 3:00:12 AM - Windows Update
    RP53: 1/14/2013 1:20:29 PM - Windows Update
    RP54: 1/14/2013 1:28:23 PM - Installed Razer Synapse 2.0.
    .
    ==== Installed Programs ======================
    .
    @BIOS
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Troubleshoot & Resolve Tool
    AutoGreen B10.1021.1
    Best Buy pc app
    Bitdefender Total Security 2012
    Bonjour
    CCleaner
    CPUID HWMonitor 1.20
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Dolby Home Theater v4
    Easy Tune 6 B11.0427.1
    EasySaver B9.1214.1
    Etron USB3.0 Host Controller
    gamelauncher-ps2-live
    Google Chrome
    Google Earth
    Google Update Helper
    Guild Wars 2
    iTunes
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.1
    League of Legends
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    NVIDIA 3D Vision Controller Driver 306.02
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    ON_OFF Charge B11.0110.1
    Pando Media Booster
    PlanetSide 2
    PlanetSide 2 Beta
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
    Skype™ 5.10
    Splashtop Connect for Firefox
    Splashtop Connect IE
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    WModem Driver Installer
    World of Warcraft
    Yontoo 1.10.02
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/14/2013 2:43:20 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/14/2013 2:43:20 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    1/14/2013 2:16:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000074 (0x0000000000000002, 0xfffff880030149e0, 0x0000000000000002, 0xffffffffc000014d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011413-22339-01.
    1/14/2013 1:24:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    1/14/2013 1:24:40 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2013 1:21:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    1/13/2013 7:50:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000074 (0x0000000000000002, 0xfffff8800303b9e0, 0x0000000000000002, 0xffffffffc000014d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011313-46753-01.
    1/13/2013 10:37:58 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    1/10/2013 4:18:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000074 (0x0000000000000002, 0xfffff880030299e0, 0x0000000000000002, 0xffffffffc000014d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011013-73897-01.
    1/10/2013 3:23:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
    1/10/2013 3:23:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    1/10/2013 3:19:18 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    1/10/2013 12:25:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    .
    ==== End Of File ===========================

    The last log was apparently blocked by Bitdefender because the website contained a trojan? Anyways, if you need it let me know and I guess I'll go through with it so long as I'm told it's okay.
     
  2. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hello (Kourosh321).

    My name is [Jimbo] and I will be helping you.

    Please give me some time to look over your computer's log(s).

    You may want to keep the link to this topic in your favourites. Alternatively, you can visit this website and check through your account.

    Please take note of the following guidelines in the meantime:

    • Please refrain from making any changes to your computer.
    • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    Regards Jimbo.
     
  3. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.
     
  4. Kourosh321

    Kourosh321 Thread Starter

    Joined:
    Sep 2, 2009
    Messages:
    9
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
    Ran by SYSTEM at 16-01-2013 18:23:48
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 2011-08-09] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2275944 2011-08-09] (Realtek Semiconductor)
    HKLM\...\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe" [1091200 2013-01-12] (Bitdefender)
    HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" [2727936 2012-06-07] (Alcatel-Lucent)
    HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [776064 2011-03-04] (Splashtop Inc.)
    HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
    HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Kourosh\...\Run: [Google Update] "C:\Users\Kourosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-29] (Google Inc.)
    HKU\Kourosh\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\Mcx1-KOUROSH-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Mcx1-KOUROSH-PC\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

    ==================== Services (Whitelisted) ===================

    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [234776 2012-09-05] (McAfee, Inc.)
    2 pcCMService64; "C:\Program Files\Common Files\Motive\pcCMService.exe" [441344 2012-07-06] (Alcatel-Lucent)
    3 SafeBox; "C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe" [75384 2012-09-10] (Bitdefender)
    2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2011-10-14] (BitDefender)
    2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe" /service [67904 2012-09-10] (Bitdefender)
    2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe /service [1957912 2013-01-12] (Bitdefender)
    2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)

    ==================== Drivers (Whitelisted) =====================

    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
    0 avc3; C:\Windows\System32\Drivers\avc3.sys [705552 2013-01-12] (BitDefender)
    3 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2013-01-12] (BitDefender)
    3 avckf; C:\Windows\System32\Drivers\avckf.sys [587024 2013-01-12] (BitDefender)
    1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-09-10] (BitDefender LLC)
    0 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [442088 2011-08-16] (BitDefender)
    1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
    3 bdsandbox; C:\Windows\System32\Drivers\bdsandbox.sys [79952 2011-11-17] (BitDefender SRL)
    1 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [103944 2010-01-19] (BitDefender)
    3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-07-29] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
    3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
    3 rzendpt; C:\Windows\System32\Drivers\rzendpt.sys [22016 2012-11-06] (Razer USA Ltd)
    0 trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2011-10-27] (BitDefender S.R.L.)
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-01-16 18:23 - 2013-01-16 18:23 - 00000000 ____D C:\FRST
    2013-01-16 18:15 - 2013-01-16 18:15 - 01464233 ____A (Farbar) C:\Users\Kourosh\Downloads\FRST64.exe
    2013-01-16 09:57 - 2013-01-16 09:59 - 00000000 ____D C:\Users\Kourosh\Desktop\stuff
    2013-01-15 15:16 - 2013-01-15 15:16 - 00000253 ____A C:\Users\Kourosh\Desktop\WoW.mfil
    2013-01-15 15:16 - 2013-01-15 15:16 - 00000000 ____D C:\Users\Kourosh\Desktop\WTF
    2013-01-15 15:16 - 2013-01-15 15:16 - 00000000 ____D C:\Users\Kourosh\Desktop\Data
    2013-01-15 13:15 - 2013-01-15 13:15 - 00509440 ____A (Tech Support Guy System) C:\Users\Kourosh\Downloads\SysInfo.exe
    2013-01-15 01:53 - 2013-01-15 23:07 - 00000000 ____D C:\Users\Kourosh\AppData\Local\HonorbuddyMeshes
    2013-01-15 01:46 - 2013-01-16 12:36 - 00000000 ____D C:\Users\Kourosh\Documents\bot
    2013-01-15 01:44 - 2013-01-15 01:45 - 07802754 ____A C:\Users\Kourosh\Downloads\Honorbuddy 2.5.6701.525 (1).zip
    2013-01-15 01:36 - 2013-01-15 01:36 - 00000000 ____D C:\Users\Kourosh\Desktop\Honorbuddy 2.5.6701.525
    2013-01-15 01:30 - 2013-01-15 01:31 - 07802754 ____A C:\Users\Kourosh\Downloads\Honorbuddy 2.5.6701.525.zip
    2013-01-14 15:06 - 2013-01-14 15:06 - 00012098 ____A C:\Users\Kourosh\Desktop\hijackthis2
    2013-01-14 14:54 - 2013-01-14 14:54 - 00009037 ____A C:\Users\Kourosh\Desktop\attach.txt
    2013-01-14 14:54 - 2013-01-14 14:53 - 00020243 ____A C:\Users\Kourosh\Desktop\dds.txt
    2013-01-14 14:49 - 2013-01-14 14:49 - 00688992 ____R (Swearware) C:\Users\Kourosh\Desktop\dds.scr
    2013-01-14 14:48 - 2013-01-14 14:48 - 00011808 ____A C:\Users\Kourosh\Desktop\hijackthis.log
    2013-01-14 14:46 - 2013-01-14 14:46 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kourosh\Downloads\HijackThis.exe
    2013-01-14 14:16 - 2013-01-14 14:16 - 00262192 ____A C:\Windows\Minidump\011413-22339-01.dmp
    2013-01-14 13:35 - 2013-01-14 13:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2013-01-14 13:35 - 2013-01-14 13:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
    2013-01-14 13:28 - 2013-01-14 13:34 - 00000000 ____D C:\Program Files (x86)\Razer
    2013-01-14 13:28 - 2013-01-14 13:28 - 00000000 ____D C:\Users\Kourosh\AppData\Local\Razer
    2013-01-14 13:28 - 2013-01-14 13:28 - 00000000 ____D C:\Users\All Users\Razer
    2013-01-14 13:22 - 2013-01-14 13:22 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-01-14 13:17 - 2013-01-14 13:18 - 12350176 ____A (Razer USA Ltd.) C:\Users\Kourosh\Downloads\Razer_Synapse2_v1.07.15.exe
    2013-01-13 19:49 - 2013-01-13 19:49 - 00262192 ____A C:\Windows\Minidump\011313-46753-01.dmp
    2013-01-13 19:45 - 2013-01-13 19:45 - 00007631 ____A C:\Users\Kourosh\AppData\Local\Resmon.ResmonCfg
    2013-01-13 00:00 - 2013-01-13 00:00 - 00000000 ____D C:\Users\Kourosh\AppData\Roaming\Malwarebytes
    2013-01-12 23:59 - 2013-01-12 23:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-12 23:59 - 2013-01-12 23:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-12 23:59 - 2013-01-12 23:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-12 23:59 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-01-12 23:58 - 2013-01-12 23:58 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Kourosh\Downloads\mbam-setup-1.70.0.1100.exe
    2013-01-12 23:58 - 2013-01-12 23:58 - 00261056 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys
    2013-01-12 00:08 - 2013-01-16 06:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2013-01-12 00:08 - 2013-01-12 00:08 - 00001238 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2013-01-11 23:59 - 2013-01-12 00:07 - 123231216 ____A (Blizzard Entertainment) C:\Users\Kourosh\Downloads\World-of-Warcraft-Setup-enUS.exe
    2013-01-10 16:18 - 2013-01-10 16:18 - 00262192 ____A C:\Windows\Minidump\011013-73897-01.dmp
    2013-01-10 03:26 - 2013-01-10 03:26 - 00000000 __SHD C:\found.001
    2013-01-09 11:45 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-01-09 11:45 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-01-09 10:45 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
    2013-01-09 10:45 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
    2013-01-09 10:45 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2013-01-09 10:45 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2013-01-09 10:45 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
    2013-01-09 10:45 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
    2013-01-09 10:45 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
    2013-01-09 10:45 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
    2013-01-09 10:45 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
    2013-01-09 10:45 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
    2013-01-09 10:45 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
    2013-01-09 10:45 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
    2013-01-09 10:45 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
    2013-01-09 10:45 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
    2013-01-09 10:45 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
    2013-01-09 10:45 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
    2013-01-09 10:45 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
    2013-01-09 10:45 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2013-01-09 10:45 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2013-01-09 10:45 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-01-09 10:45 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-01-09 10:45 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-01-09 10:45 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-01-09 10:45 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-01-09 10:45 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-01-09 10:45 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-01-09 10:45 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-01-09 10:45 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-01-09 10:45 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-01-09 10:45 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-01-09 10:45 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-01-09 10:45 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-01-09 10:45 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 10:45 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
    2013-01-09 10:45 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
    2013-01-09 10:45 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2013-01-09 10:45 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2013-01-09 10:45 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-01-09 10:45 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-01-09 10:45 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-01-09 10:45 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-01-09 10:45 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-01-09 10:45 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-01-09 10:44 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-01-09 10:44 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-01-07 19:52 - 2013-01-07 19:52 - 00103866 ____A C:\Users\Kourosh\Downloads\Math Worksheet 2.htm
    2013-01-07 19:52 - 2013-01-07 19:52 - 00101938 ____A C:\Users\Kourosh\Downloads\Math Worksheet 1.htm
    2013-01-07 19:52 - 2013-01-07 19:52 - 00000000 ____D C:\Users\Kourosh\Downloads\Math Worksheet 2_files
    2013-01-07 19:52 - 2013-01-07 19:52 - 00000000 ____D C:\Users\Kourosh\Downloads\Math Worksheet 1_files
    2013-01-02 19:25 - 2013-01-02 19:26 - 00000000 ____D C:\Users\Kourosh\Desktop\Gramatik_Discography_(2008-2010)
    2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Thievery Corporation - It Takes A Thief [The Very Best Of Thievery Corporation] (2010) mp3 320 vtwin88cube
    2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\St Germain - Tourist (2000)
    2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Beats Antique - Collide
    2013-01-02 19:24 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\RJD2
    2013-01-02 19:23 - 2013-01-02 19:24 - 00000000 ____D C:\Users\Kourosh\Desktop\Madvillain - Madvillainy
    2013-01-01 21:04 - 2013-01-01 21:06 - 39401336 ____A (Apple Inc.) C:\Users\Kourosh\Downloads\QuickTimeInstaller (1).exe
    2013-01-01 21:04 - 2013-01-01 21:04 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-01-01 21:03 - 2013-01-01 21:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2013-01-01 21:02 - 2013-01-01 21:03 - 39401336 ____A (Apple Inc.) C:\Users\Kourosh\Downloads\QuickTimeInstaller.exe
    2012-12-21 12:34 - 2012-12-21 12:34 - 00262192 ____A C:\Windows\Minidump\122112-28454-01.dmp
    2012-12-21 03:00 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-21 03:00 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-21 03:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-21 03:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files\iTunes
    2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files\iPod
    2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-12-17 19:45 - 2012-12-17 19:45 - 00652072 ____A (ADK Apps) C:\Users\Kourosh\Downloads\mplayer_Setup.exe
    2012-12-17 13:32 - 2012-12-17 13:32 - 00002487 ____A C:\Users\Kourosh\Desktop\PlanetSide 2.lnk
    2012-12-17 13:32 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2012-12-17 13:32 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2012-12-17 13:32 - 2010-06-02 04:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2012-12-17 13:32 - 2010-06-02 04:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2012-12-17 13:32 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2012-12-17 13:32 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2012-12-17 13:32 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
    2012-12-17 13:32 - 2010-05-26 11:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
    2012-12-17 13:32 - 2010-05-26 11:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2012-12-17 13:32 - 2010-05-26 11:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2012-12-17 13:32 - 2010-05-26 11:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2012-12-17 13:32 - 2010-05-26 11:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2012-12-17 13:32 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
    2012-12-17 13:32 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2012-12-17 13:30 - 2012-12-17 13:31 - 19997264 ____A C:\Users\Kourosh\Downloads\PS2_setup.exe

    ==================== One Month Modified Files and Folders =======

    2013-01-16 18:16 - 2012-08-17 11:12 - 00000000 ____D C:\Users\Kourosh\AppData\Roaming\Skype
    2013-01-16 18:16 - 2012-07-30 00:28 - 01289904 ____A C:\Windows\WindowsUpdate.log
    2013-01-16 18:16 - 2011-12-29 14:35 - 00000236 ____A C:\service.log
    2013-01-16 18:16 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-16 18:16 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-16 18:15 - 2013-01-16 18:15 - 01464233 ____A (Farbar) C:\Users\Kourosh\Downloads\FRST64.exe
    2013-01-16 18:13 - 2012-08-04 22:00 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-01-16 18:13 - 2012-07-30 09:51 - 00000376 ____A C:\Users\Kourosh\AppData\Roamingprivacy.xml
    2013-01-16 18:13 - 2012-07-30 02:17 - 00021859 ____A C:\Windows\setupact.log
    2013-01-16 18:13 - 2012-07-29 09:17 - 00000000 ____D C:\Users\All Users\NVIDIA
    2013-01-16 18:13 - 2012-07-29 09:11 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2013-01-16 18:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-16 13:08 - 2012-07-29 09:24 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-143260403-2135311091-3804718348-1000UA.job
    2013-01-16 13:03 - 2012-07-29 09:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-16 12:36 - 2013-01-15 01:46 - 00000000 ____D C:\Users\Kourosh\Documents\bot
    2013-01-16 12:31 - 2012-08-04 22:00 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-01-16 09:59 - 2013-01-16 09:57 - 00000000 ____D C:\Users\Kourosh\Desktop\stuff
    2013-01-16 06:12 - 2013-01-12 00:08 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2013-01-16 03:08 - 2012-07-29 09:24 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-143260403-2135311091-3804718348-1000Core.job
    2013-01-16 01:30 - 2012-07-30 00:33 - 00000000 ____D C:\Users\Kourosh\AppData\Local\PMB Files
    2013-01-16 01:30 - 2012-07-30 00:33 - 00000000 ____D C:\Users\All Users\PMB Files
    2013-01-15 23:07 - 2013-01-15 01:53 - 00000000 ____D C:\Users\Kourosh\AppData\Local\HonorbuddyMeshes
    2013-01-15 15:16 - 2013-01-15 15:16 - 00000253 ____A C:\Users\Kourosh\Desktop\WoW.mfil
    2013-01-15 15:16 - 2013-01-15 15:16 - 00000000 ____D C:\Users\Kourosh\Desktop\WTF
    2013-01-15 15:16 - 2013-01-15 15:16 - 00000000 ____D C:\Users\Kourosh\Desktop\Data
    2013-01-15 13:15 - 2013-01-15 13:15 - 00509440 ____A (Tech Support Guy System) C:\Users\Kourosh\Downloads\SysInfo.exe
    2013-01-15 01:45 - 2013-01-15 01:44 - 07802754 ____A C:\Users\Kourosh\Downloads\Honorbuddy 2.5.6701.525 (1).zip
    2013-01-15 01:36 - 2013-01-15 01:36 - 00000000 ____D C:\Users\Kourosh\Desktop\Honorbuddy 2.5.6701.525
    2013-01-15 01:35 - 2012-07-29 09:23 - 00109280 ____A C:\Users\Kourosh\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-01-15 01:31 - 2013-01-15 01:30 - 07802754 ____A C:\Users\Kourosh\Downloads\Honorbuddy 2.5.6701.525.zip
    2013-01-14 15:06 - 2013-01-14 15:06 - 00012098 ____A C:\Users\Kourosh\Desktop\hijackthis2
    2013-01-14 14:54 - 2013-01-14 14:54 - 00009037 ____A C:\Users\Kourosh\Desktop\attach.txt
    2013-01-14 14:53 - 2013-01-14 14:54 - 00020243 ____A C:\Users\Kourosh\Desktop\dds.txt
    2013-01-14 14:49 - 2013-01-14 14:49 - 00688992 ____R (Swearware) C:\Users\Kourosh\Desktop\dds.scr
    2013-01-14 14:48 - 2013-01-14 14:48 - 00011808 ____A C:\Users\Kourosh\Desktop\hijackthis.log
    2013-01-14 14:47 - 2012-07-29 08:50 - 00000000 ____D C:\Users\Kourosh\AppData\Local\VirtualStore
    2013-01-14 14:46 - 2013-01-14 14:46 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kourosh\Downloads\HijackThis.exe
    2013-01-14 14:16 - 2013-01-14 14:16 - 00262192 ____A C:\Windows\Minidump\011413-22339-01.dmp
    2013-01-14 14:16 - 2012-10-10 04:39 - 00000000 ____D C:\Windows\Minidump
    2013-01-14 14:16 - 2012-10-10 04:38 - 208064228 ____A C:\Windows\MEMORY.DMP
    2013-01-14 13:35 - 2013-01-14 13:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2013-01-14 13:35 - 2013-01-14 13:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
    2013-01-14 13:35 - 2012-08-12 17:47 - 00057220 ____A C:\Windows\DPINST.LOG
    2013-01-14 13:34 - 2013-01-14 13:28 - 00000000 ____D C:\Program Files (x86)\Razer
    2013-01-14 13:28 - 2013-01-14 13:28 - 00000000 ____D C:\Users\Kourosh\AppData\Local\Razer
    2013-01-14 13:28 - 2013-01-14 13:28 - 00000000 ____D C:\Users\All Users\Razer
    2013-01-14 13:22 - 2013-01-14 13:22 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-01-14 13:22 - 2009-07-13 21:13 - 00771962 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-14 13:18 - 2013-01-14 13:17 - 12350176 ____A (Razer USA Ltd.) C:\Users\Kourosh\Downloads\Razer_Synapse2_v1.07.15.exe
    2013-01-13 19:49 - 2013-01-13 19:49 - 00262192 ____A C:\Windows\Minidump\011313-46753-01.dmp
    2013-01-13 19:49 - 2012-08-11 02:18 - 00006770 ____A C:\Windows\PFRO.log
    2013-01-13 19:45 - 2013-01-13 19:45 - 00007631 ____A C:\Users\Kourosh\AppData\Local\Resmon.ResmonCfg
    2013-01-13 00:00 - 2013-01-13 00:00 - 00000000 ____D C:\Users\Kourosh\AppData\Roaming\Malwarebytes
    2013-01-12 23:59 - 2013-01-12 23:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-12 23:59 - 2013-01-12 23:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-12 23:59 - 2013-01-12 23:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-12 23:58 - 2013-01-12 23:58 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Kourosh\Downloads\mbam-setup-1.70.0.1100.exe
    2013-01-12 23:58 - 2013-01-12 23:58 - 00261056 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys
    2013-01-12 23:56 - 2012-03-20 19:22 - 00705552 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
    2013-01-12 23:56 - 2012-02-17 15:45 - 00587024 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
    2013-01-12 00:08 - 2013-01-12 00:08 - 00001238 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2013-01-12 00:07 - 2013-01-11 23:59 - 123231216 ____A (Blizzard Entertainment) C:\Users\Kourosh\Downloads\World-of-Warcraft-Setup-enUS.exe
    2013-01-10 17:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-01-10 16:18 - 2013-01-10 16:18 - 00262192 ____A C:\Windows\Minidump\011013-73897-01.dmp
    2013-01-10 16:18 - 2009-07-13 20:45 - 00416688 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-10 03:26 - 2013-01-10 03:26 - 00000000 __SHD C:\found.001
    2013-01-10 03:07 - 2012-09-14 22:55 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2013-01-10 03:02 - 2012-07-30 09:39 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-01-09 01:03 - 2012-07-29 09:22 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-09 01:03 - 2012-07-29 09:22 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-07 19:52 - 2013-01-07 19:52 - 00103866 ____A C:\Users\Kourosh\Downloads\Math Worksheet 2.htm
    2013-01-07 19:52 - 2013-01-07 19:52 - 00101938 ____A C:\Users\Kourosh\Downloads\Math Worksheet 1.htm
    2013-01-07 19:52 - 2013-01-07 19:52 - 00000000 ____D C:\Users\Kourosh\Downloads\Math Worksheet 2_files
    2013-01-07 19:52 - 2013-01-07 19:52 - 00000000 ____D C:\Users\Kourosh\Downloads\Math Worksheet 1_files
    2013-01-02 19:26 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Gramatik_Discography_(2008-2010)
    2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Thievery Corporation - It Takes A Thief [The Very Best Of Thievery Corporation] (2010) mp3 320 vtwin88cube
    2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\St Germain - Tourist (2000)
    2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Beats Antique - Collide
    2013-01-02 19:25 - 2013-01-02 19:24 - 00000000 ____D C:\Users\Kourosh\Desktop\RJD2
    2013-01-02 19:24 - 2013-01-02 19:23 - 00000000 ____D C:\Users\Kourosh\Desktop\Madvillain - Madvillainy
    2013-01-01 21:06 - 2013-01-01 21:04 - 39401336 ____A (Apple Inc.) C:\Users\Kourosh\Downloads\QuickTimeInstaller (1).exe
    2013-01-01 21:04 - 2013-01-01 21:04 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-01-01 21:04 - 2013-01-01 21:03 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2013-01-01 21:03 - 2013-01-01 21:02 - 39401336 ____A (Apple Inc.) C:\Users\Kourosh\Downloads\QuickTimeInstaller.exe
    2012-12-24 12:48 - 2012-09-03 22:40 - 00000426 ____A C:\Windows\BRWMARK.INI
    2012-12-21 12:34 - 2012-12-21 12:34 - 00262192 ____A C:\Windows\Minidump\122112-28454-01.dmp
    2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files\iTunes
    2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files\iPod
    2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-12-17 21:32 - 2012-11-23 09:12 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-12-17 19:45 - 2012-12-17 19:45 - 00652072 ____A (ADK Apps) C:\Users\Kourosh\Downloads\mplayer_Setup.exe
    2012-12-17 13:32 - 2012-12-17 13:32 - 00002487 ____A C:\Users\Kourosh\Desktop\PlanetSide 2.lnk
    2012-12-17 13:31 - 2012-12-17 13:30 - 19997264 ____A C:\Users\Kourosh\Downloads\PS2_setup.exe


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-12-21 03:00:16
    Restore point made on: 2012-12-29 00:03:10
    Restore point made on: 2013-01-01 21:03:35
    Restore point made on: 2013-01-03 03:00:27
    Restore point made on: 2013-01-10 03:00:26
    Restore point made on: 2013-01-14 13:20:44
    Restore point made on: 2013-01-14 13:28:28

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 8189.24 MB
    Available physical RAM: 7359.95 MB
    Total Pagefile: 8187.44 MB
    Available Pagefile: 7351.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:343.64 GB) NTFS
    2 Drive e: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    3 Drive f: (Elements) (Fixed) (Total:298.09 GB) (Free:188.71 GB) NTFS
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 298 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F Elements NTFS Partition 298 GB Healthy

    =========================================================

    Last Boot: 2013-01-14 01:06

    ==================== End Of Log =============================
     
  5. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
  6. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Do you still require assistance?
     

Short URL to this thread: https://techguy.org/1085223
