Computer acting up frequently


Kourosh321 (Thread Starter), joined Sep 2, 2009, 9 messages
My computer seems to be having a number of issues. I'm led to believe that it has some type of malware or virus that I haven't been able to find. Recently it has not been starting Windows and would keep asking me to do a system restore, or it would just blue screen and I would have to restart it. Another issue I kept noticing was that when I would leave for a little bit, I would come back to see that Shockwave plugins have crashed, but it made my computer freeze. I'm not exactly sure what's going on, but I would like to refrain from reformatting the whole system.

Some help would be greatly appreciated. Thank you!
Here are the logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:48:33 PM, on 1/14/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kourosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11806 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Kourosh at 14:53:31 on 2013-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.5877 [GMT -8:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kourosh\Downloads\HijackThis.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
mWinlogon: Userinit = userinit.exe,
BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
uRun: [Google Update] "C:\Users\Kourosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{ED9BD151-2AC7-4D8B-8E41-908C4A0D5AEE} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2012-3-20 705552]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-7-29 21104]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2010-1-19 103944]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-7-29 68136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-12 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-12 682344]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-11-12 361472]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-11-12 441344]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-11-12 342016]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 67904]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2010-11-4 493384]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-1-12 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2012-2-17 587024]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-12 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-29 413800]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2012-11-6 22016]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-11-6 113664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 bdsandbox;bdsandbox;C:\Windows\System32\drivers\bdsandbox.sys [2011-11-17 79952]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-7-29 30528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-9-10 75384]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-30 1255736]
.
=============== Created Last 30 ================
.
2013-01-14 21:28:41 -------- d-----w- C:\Users\Kourosh\AppData\Local\Razer
2013-01-13 08:00:03 -------- d-----w- C:\Users\Kourosh\AppData\Roaming\Malwarebytes
2013-01-13 07:59:36 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-13 07:59:33 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-13 07:59:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-13 07:59:07 -------- d-----w- C:\Users\Kourosh\AppData\Local\Programs
2013-01-13 07:58:12 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-01-12 08:08:50 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2013-01-10 11:26:54 -------- d-sh--w- C:\found.001
2013-01-09 19:45:38 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 19:45:38 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 18:44:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 18:44:52 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-02 05:04:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-21 11:00:27 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 11:00:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 11:00:26 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 11:00:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-18 05:32:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 05:32:14 -------- d-----w- C:\Program Files\iTunes
2012-12-18 05:32:14 -------- d-----w- C:\Program Files\iPod
2012-12-18 05:32:14 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2013-01-14 22:41:14 25640 ----a-w- C:\Windows\gdrv.sys
2013-01-13 07:56:21 587024 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-01-13 07:56:15 705552 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-01-09 09:03:33 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 09:03:33 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-15 01:44:52 56320 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2012-11-15 01:44:52 148480 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2012-11-15 01:44:48 617472 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 19:33:26 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-08 19:33:26 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-08 19:33:26 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-07 07:49:46 22016 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2012-11-07 07:49:46 113664 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2012-11-07 07:47:02 182272 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 14:53:59.41 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/29/2012 9:50:33 AM
System Uptime: 1/14/2013 2:40:09 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-990FXA-UD3
Processor: AMD FX(tm)-4170 Quad-Core Processor | Socket M2 | 4200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 348.102 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 12/21/2012 3:00:11 AM - Windows Update
RP49: 12/29/2012 12:03:02 AM - Scheduled Checkpoint
RP50: 1/1/2013 9:03:28 PM - Installed QuickTime
RP51: 1/3/2013 3:00:15 AM - Windows Update
RP52: 1/10/2013 3:00:12 AM - Windows Update
RP53: 1/14/2013 1:20:29 PM - Windows Update
RP54: 1/14/2013 1:28:23 PM - Installed Razer Synapse 2.0.
.
==== Installed Programs ======================
.
@BIOS
Adobe AIR
Adobe Flash Player 11 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
AutoGreen B10.1021.1
Best Buy pc app
Bitdefender Total Security 2012
Bonjour
CCleaner
CPUID HWMonitor 1.20
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dolby Home Theater v4
Easy Tune 6 B11.0427.1
EasySaver B9.1214.1
Etron USB3.0 Host Controller
gamelauncher-ps2-live
Google Chrome
Google Earth
Google Update Helper
Guild Wars 2
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
League of Legends
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NVIDIA 3D Vision Controller Driver 306.02
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
ON_OFF Charge B11.0110.1
Pando Media Booster
PlanetSide 2
PlanetSide 2 Beta
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Skype™ 5.10
Splashtop Connect for Firefox
Splashtop Connect IE
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
WModem Driver Installer
World of Warcraft
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
1/14/2013 2:43:20 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/14/2013 2:43:20 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
1/14/2013 2:16:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000074 (0x0000000000000002, 0xfffff880030149e0, 0x0000000000000002, 0xffffffffc000014d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011413-22339-01.
1/14/2013 1:24:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
1/14/2013 1:24:40 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2013 1:21:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
1/13/2013 7:50:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000074 (0x0000000000000002, 0xfffff8800303b9e0, 0x0000000000000002, 0xffffffffc000014d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011313-46753-01.
1/13/2013 10:37:58 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
1/10/2013 4:18:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000074 (0x0000000000000002, 0xfffff880030299e0, 0x0000000000000002, 0xffffffffc000014d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011013-73897-01.
1/10/2013 3:23:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
1/10/2013 3:23:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
1/10/2013 3:19:18 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
1/10/2013 12:25:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================

The last log was apparently blocked by Bitdefender because the website contained a trojan? Anyways, if you need it let me know and I guess I'll go through with it so long as I'm told it's okay.
 

jimbo100

Malware Trainee
Joined
Jul 1, 2011
Messages
185
Hello (Kourosh321).

My name is [Jimbo] and I will be helping you.

Please give me some time to look over your computer's log(s).

You may want to keep the link to this topic in your favourites. Alternatively, you can visit this website and check through your account.

Please take note of the following guidelines in the meantime:

  • Please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Regards Jimbo.
 

jimbo100

Malware Trainee
Joined
Jul 1, 2011
Messages
185
Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

Kourosh321

Thread Starter
Joined
Sep 2, 2009
Messages
9
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by SYSTEM at 16-01-2013 18:23:48
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2275944 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe" [1091200 2013-01-12] (Bitdefender)
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" [2727936 2012-06-07] (Alcatel-Lucent)
HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [776064 2011-03-04] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Kourosh\...\Run: [Google Update] "C:\Users\Kourosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-29] (Google Inc.)
HKU\Kourosh\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Mcx1-KOUROSH-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Mcx1-KOUROSH-PC\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ===================

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [234776 2012-09-05] (McAfee, Inc.)
2 pcCMService64; "C:\Program Files\Common Files\Motive\pcCMService.exe" [441344 2012-07-06] (Alcatel-Lucent)
3 SafeBox; "C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe" [75384 2012-09-10] (Bitdefender)
2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2011-10-14] (BitDefender)
2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe" /service [67904 2012-09-10] (Bitdefender)
2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe /service [1957912 2013-01-12] (Bitdefender)
2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)

==================== Drivers (Whitelisted) =====================

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
0 avc3; C:\Windows\System32\Drivers\avc3.sys [705552 2013-01-12] (BitDefender)
3 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2013-01-12] (BitDefender)
3 avckf; C:\Windows\System32\Drivers\avckf.sys [587024 2013-01-12] (BitDefender)
1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-09-10] (BitDefender LLC)
0 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [442088 2011-08-16] (BitDefender)
1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
3 bdsandbox; C:\Windows\System32\Drivers\bdsandbox.sys [79952 2011-11-17] (BitDefender SRL)
1 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [103944 2010-01-19] (BitDefender)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-07-29] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
3 rzendpt; C:\Windows\System32\Drivers\rzendpt.sys [22016 2012-11-06] (Razer USA Ltd)
0 trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2011-10-27] (BitDefender S.R.L.)
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-16 18:23 - 2013-01-16 18:23 - 00000000 ____D C:\FRST
2013-01-16 18:15 - 2013-01-16 18:15 - 01464233 ____A (Farbar) C:\Users\Kourosh\Downloads\FRST64.exe
2013-01-16 09:57 - 2013-01-16 09:59 - 00000000 ____D C:\Users\Kourosh\Desktop\stuff
2013-01-15 15:16 - 2013-01-15 15:16 - 00000253 ____A C:\Users\Kourosh\Desktop\WoW.mfil
2013-01-15 15:16 - 2013-01-15 15:16 - 00000000 ____D C:\Users\Kourosh\Desktop\WTF
2013-01-15 15:16 - 2013-01-15 15:16 - 00000000 ____D C:\Users\Kourosh\Desktop\Data
2013-01-15 13:15 - 2013-01-15 13:15 - 00509440 ____A (Tech Support Guy System) C:\Users\Kourosh\Downloads\SysInfo.exe
2013-01-15 01:53 - 2013-01-15 23:07 - 00000000 ____D C:\Users\Kourosh\AppData\Local\HonorbuddyMeshes
2013-01-15 01:46 - 2013-01-16 12:36 - 00000000 ____D C:\Users\Kourosh\Documents\bot
2013-01-15 01:44 - 2013-01-15 01:45 - 07802754 ____A C:\Users\Kourosh\Downloads\Honorbuddy 2.5.6701.525 (1).zip
2013-01-15 01:36 - 2013-01-15 01:36 - 00000000 ____D C:\Users\Kourosh\Desktop\Honorbuddy 2.5.6701.525
2013-01-15 01:30 - 2013-01-15 01:31 - 07802754 ____A C:\Users\Kourosh\Downloads\Honorbuddy 2.5.6701.525.zip
2013-01-14 15:06 - 2013-01-14 15:06 - 00012098 ____A C:\Users\Kourosh\Desktop\hijackthis2
2013-01-14 14:54 - 2013-01-14 14:54 - 00009037 ____A C:\Users\Kourosh\Desktop\attach.txt
2013-01-14 14:54 - 2013-01-14 14:53 - 00020243 ____A C:\Users\Kourosh\Desktop\dds.txt
2013-01-14 14:49 - 2013-01-14 14:49 - 00688992 ____R (Swearware) C:\Users\Kourosh\Desktop\dds.scr
2013-01-14 14:48 - 2013-01-14 14:48 - 00011808 ____A C:\Users\Kourosh\Desktop\hijackthis.log
2013-01-14 14:46 - 2013-01-14 14:46 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kourosh\Downloads\HijackThis.exe
2013-01-14 14:16 - 2013-01-14 14:16 - 00262192 ____A C:\Windows\Minidump\011413-22339-01.dmp
2013-01-14 13:35 - 2013-01-14 13:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2013-01-14 13:35 - 2013-01-14 13:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2013-01-14 13:28 - 2013-01-14 13:34 - 00000000 ____D C:\Program Files (x86)\Razer
2013-01-14 13:28 - 2013-01-14 13:28 - 00000000 ____D C:\Users\Kourosh\AppData\Local\Razer
2013-01-14 13:28 - 2013-01-14 13:28 - 00000000 ____D C:\Users\All Users\Razer
2013-01-14 13:22 - 2013-01-14 13:22 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-14 13:17 - 2013-01-14 13:18 - 12350176 ____A (Razer USA Ltd.) C:\Users\Kourosh\Downloads\Razer_Synapse2_v1.07.15.exe
2013-01-13 19:49 - 2013-01-13 19:49 - 00262192 ____A C:\Windows\Minidump\011313-46753-01.dmp
2013-01-13 19:45 - 2013-01-13 19:45 - 00007631 ____A C:\Users\Kourosh\AppData\Local\Resmon.ResmonCfg
2013-01-13 00:00 - 2013-01-13 00:00 - 00000000 ____D C:\Users\Kourosh\AppData\Roaming\Malwarebytes
2013-01-12 23:59 - 2013-01-12 23:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-12 23:59 - 2013-01-12 23:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-12 23:59 - 2013-01-12 23:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-12 23:59 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-12 23:58 - 2013-01-12 23:58 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Kourosh\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-12 23:58 - 2013-01-12 23:58 - 00261056 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2013-01-12 00:08 - 2013-01-16 06:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-01-12 00:08 - 2013-01-12 00:08 - 00001238 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-01-11 23:59 - 2013-01-12 00:07 - 123231216 ____A (Blizzard Entertainment) C:\Users\Kourosh\Downloads\World-of-Warcraft-Setup-enUS.exe
2013-01-10 16:18 - 2013-01-10 16:18 - 00262192 ____A C:\Windows\Minidump\011013-73897-01.dmp
2013-01-10 03:26 - 2013-01-10 03:26 - 00000000 __SHD C:\found.001
2013-01-09 11:45 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 11:45 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 10:45 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 10:45 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 10:45 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 10:45 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 10:45 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 10:45 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 10:45 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 10:45 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 10:45 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 10:45 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 10:45 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 10:45 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 10:45 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 10:45 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 10:45 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 10:45 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 10:45 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 10:45 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 10:45 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 10:45 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 10:45 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 10:45 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 10:45 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 10:45 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 10:45 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 10:45 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 10:45 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 10:45 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 10:45 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 10:45 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 10:45 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 10:45 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 10:45 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 10:45 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 10:45 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 10:45 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 10:45 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 10:45 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 10:45 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 10:45 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 10:45 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 10:45 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 10:45 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 10:44 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 10:44 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-07 19:52 - 2013-01-07 19:52 - 00103866 ____A C:\Users\Kourosh\Downloads\Math Worksheet 2.htm
2013-01-07 19:52 - 2013-01-07 19:52 - 00101938 ____A C:\Users\Kourosh\Downloads\Math Worksheet 1.htm
2013-01-07 19:52 - 2013-01-07 19:52 - 00000000 ____D C:\Users\Kourosh\Downloads\Math Worksheet 2_files
2013-01-07 19:52 - 2013-01-07 19:52 - 00000000 ____D C:\Users\Kourosh\Downloads\Math Worksheet 1_files
2013-01-02 19:25 - 2013-01-02 19:26 - 00000000 ____D C:\Users\Kourosh\Desktop\Gramatik_Discography_(2008-2010)
2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Thievery Corporation - It Takes A Thief [The Very Best Of Thievery Corporation] (2010) mp3 320 vtwin88cube
2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\St Germain - Tourist (2000)
2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Beats Antique - Collide
2013-01-02 19:24 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\RJD2
2013-01-02 19:23 - 2013-01-02 19:24 - 00000000 ____D C:\Users\Kourosh\Desktop\Madvillain - Madvillainy
2013-01-01 21:04 - 2013-01-01 21:06 - 39401336 ____A (Apple Inc.) C:\Users\Kourosh\Downloads\QuickTimeInstaller (1).exe
2013-01-01 21:04 - 2013-01-01 21:04 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-01-01 21:03 - 2013-01-01 21:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-01-01 21:02 - 2013-01-01 21:03 - 39401336 ____A (Apple Inc.) C:\Users\Kourosh\Downloads\QuickTimeInstaller.exe
2012-12-21 12:34 - 2012-12-21 12:34 - 00262192 ____A C:\Windows\Minidump\122112-28454-01.dmp
2012-12-21 03:00 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 03:00 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 03:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 03:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files\iTunes
2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files\iPod
2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-17 19:45 - 2012-12-17 19:45 - 00652072 ____A (ADK Apps) C:\Users\Kourosh\Downloads\mplayer_Setup.exe
2012-12-17 13:32 - 2012-12-17 13:32 - 00002487 ____A C:\Users\Kourosh\Desktop\PlanetSide 2.lnk
2012-12-17 13:32 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-12-17 13:32 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-12-17 13:32 - 2010-06-02 04:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-12-17 13:32 - 2010-06-02 04:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-12-17 13:32 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-12-17 13:32 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-12-17 13:32 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-12-17 13:32 - 2010-05-26 11:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-12-17 13:32 - 2010-05-26 11:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-12-17 13:32 - 2010-05-26 11:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-12-17 13:32 - 2010-05-26 11:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-12-17 13:32 - 2010-05-26 11:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-12-17 13:32 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-12-17 13:32 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-12-17 13:30 - 2012-12-17 13:31 - 19997264 ____A C:\Users\Kourosh\Downloads\PS2_setup.exe

==================== One Month Modified Files and Folders =======

2013-01-16 18:16 - 2012-08-17 11:12 - 00000000 ____D C:\Users\Kourosh\AppData\Roaming\Skype
2013-01-16 18:16 - 2012-07-30 00:28 - 01289904 ____A C:\Windows\WindowsUpdate.log
2013-01-16 18:16 - 2011-12-29 14:35 - 00000236 ____A C:\service.log
2013-01-16 18:16 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-16 18:16 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-16 18:15 - 2013-01-16 18:15 - 01464233 ____A (Farbar) C:\Users\Kourosh\Downloads\FRST64.exe
2013-01-16 18:13 - 2012-08-04 22:00 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-16 18:13 - 2012-07-30 09:51 - 00000376 ____A C:\Users\Kourosh\AppData\Roamingprivacy.xml
2013-01-16 18:13 - 2012-07-30 02:17 - 00021859 ____A C:\Windows\setupact.log
2013-01-16 18:13 - 2012-07-29 09:17 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-16 18:13 - 2012-07-29 09:11 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-01-16 18:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-16 13:08 - 2012-07-29 09:24 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-143260403-2135311091-3804718348-1000UA.job
2013-01-16 13:03 - 2012-07-29 09:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-16 12:36 - 2013-01-15 01:46 - 00000000 ____D C:\Users\Kourosh\Documents\bot
2013-01-16 12:31 - 2012-08-04 22:00 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-16 09:59 - 2013-01-16 09:57 - 00000000 ____D C:\Users\Kourosh\Desktop\stuff
2013-01-16 06:12 - 2013-01-12 00:08 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-01-16 03:08 - 2012-07-29 09:24 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-143260403-2135311091-3804718348-1000Core.job
2013-01-16 01:30 - 2012-07-30 00:33 - 00000000 ____D C:\Users\Kourosh\AppData\Local\PMB Files
2013-01-16 01:30 - 2012-07-30 00:33 - 00000000 ____D C:\Users\All Users\PMB Files
2013-01-15 23:07 - 2013-01-15 01:53 - 00000000 ____D C:\Users\Kourosh\AppData\Local\HonorbuddyMeshes
2013-01-15 15:16 - 2013-01-15 15:16 - 00000253 ____A C:\Users\Kourosh\Desktop\WoW.mfil
2013-01-15 15:16 - 2013-01-15 15:16 - 00000000 ____D C:\Users\Kourosh\Desktop\WTF
2013-01-15 15:16 - 2013-01-15 15:16 - 00000000 ____D C:\Users\Kourosh\Desktop\Data
2013-01-15 13:15 - 2013-01-15 13:15 - 00509440 ____A (Tech Support Guy System) C:\Users\Kourosh\Downloads\SysInfo.exe
2013-01-15 01:45 - 2013-01-15 01:44 - 07802754 ____A C:\Users\Kourosh\Downloads\Honorbuddy 2.5.6701.525 (1).zip
2013-01-15 01:36 - 2013-01-15 01:36 - 00000000 ____D C:\Users\Kourosh\Desktop\Honorbuddy 2.5.6701.525
2013-01-15 01:35 - 2012-07-29 09:23 - 00109280 ____A C:\Users\Kourosh\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-15 01:31 - 2013-01-15 01:30 - 07802754 ____A C:\Users\Kourosh\Downloads\Honorbuddy 2.5.6701.525.zip
2013-01-14 15:06 - 2013-01-14 15:06 - 00012098 ____A C:\Users\Kourosh\Desktop\hijackthis2
2013-01-14 14:54 - 2013-01-14 14:54 - 00009037 ____A C:\Users\Kourosh\Desktop\attach.txt
2013-01-14 14:53 - 2013-01-14 14:54 - 00020243 ____A C:\Users\Kourosh\Desktop\dds.txt
2013-01-14 14:49 - 2013-01-14 14:49 - 00688992 ____R (Swearware) C:\Users\Kourosh\Desktop\dds.scr
2013-01-14 14:48 - 2013-01-14 14:48 - 00011808 ____A C:\Users\Kourosh\Desktop\hijackthis.log
2013-01-14 14:47 - 2012-07-29 08:50 - 00000000 ____D C:\Users\Kourosh\AppData\Local\VirtualStore
2013-01-14 14:46 - 2013-01-14 14:46 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kourosh\Downloads\HijackThis.exe
2013-01-14 14:16 - 2013-01-14 14:16 - 00262192 ____A C:\Windows\Minidump\011413-22339-01.dmp
2013-01-14 14:16 - 2012-10-10 04:39 - 00000000 ____D C:\Windows\Minidump
2013-01-14 14:16 - 2012-10-10 04:38 - 208064228 ____A C:\Windows\MEMORY.DMP
2013-01-14 13:35 - 2013-01-14 13:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2013-01-14 13:35 - 2013-01-14 13:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2013-01-14 13:35 - 2012-08-12 17:47 - 00057220 ____A C:\Windows\DPINST.LOG
2013-01-14 13:34 - 2013-01-14 13:28 - 00000000 ____D C:\Program Files (x86)\Razer
2013-01-14 13:28 - 2013-01-14 13:28 - 00000000 ____D C:\Users\Kourosh\AppData\Local\Razer
2013-01-14 13:28 - 2013-01-14 13:28 - 00000000 ____D C:\Users\All Users\Razer
2013-01-14 13:22 - 2013-01-14 13:22 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-14 13:22 - 2009-07-13 21:13 - 00771962 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-14 13:18 - 2013-01-14 13:17 - 12350176 ____A (Razer USA Ltd.) C:\Users\Kourosh\Downloads\Razer_Synapse2_v1.07.15.exe
2013-01-13 19:49 - 2013-01-13 19:49 - 00262192 ____A C:\Windows\Minidump\011313-46753-01.dmp
2013-01-13 19:49 - 2012-08-11 02:18 - 00006770 ____A C:\Windows\PFRO.log
2013-01-13 19:45 - 2013-01-13 19:45 - 00007631 ____A C:\Users\Kourosh\AppData\Local\Resmon.ResmonCfg
2013-01-13 00:00 - 2013-01-13 00:00 - 00000000 ____D C:\Users\Kourosh\AppData\Roaming\Malwarebytes
2013-01-12 23:59 - 2013-01-12 23:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-12 23:59 - 2013-01-12 23:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-12 23:59 - 2013-01-12 23:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-12 23:58 - 2013-01-12 23:58 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Kourosh\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-12 23:58 - 2013-01-12 23:58 - 00261056 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2013-01-12 23:56 - 2012-03-20 19:22 - 00705552 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2013-01-12 23:56 - 2012-02-17 15:45 - 00587024 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2013-01-12 00:08 - 2013-01-12 00:08 - 00001238 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-01-12 00:07 - 2013-01-11 23:59 - 123231216 ____A (Blizzard Entertainment) C:\Users\Kourosh\Downloads\World-of-Warcraft-Setup-enUS.exe
2013-01-10 17:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-10 16:18 - 2013-01-10 16:18 - 00262192 ____A C:\Windows\Minidump\011013-73897-01.dmp
2013-01-10 16:18 - 2009-07-13 20:45 - 00416688 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-10 03:26 - 2013-01-10 03:26 - 00000000 __SHD C:\found.001
2013-01-10 03:07 - 2012-09-14 22:55 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-10 03:02 - 2012-07-30 09:39 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 01:03 - 2012-07-29 09:22 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 01:03 - 2012-07-29 09:22 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-07 19:52 - 2013-01-07 19:52 - 00103866 ____A C:\Users\Kourosh\Downloads\Math Worksheet 2.htm
2013-01-07 19:52 - 2013-01-07 19:52 - 00101938 ____A C:\Users\Kourosh\Downloads\Math Worksheet 1.htm
2013-01-07 19:52 - 2013-01-07 19:52 - 00000000 ____D C:\Users\Kourosh\Downloads\Math Worksheet 2_files
2013-01-07 19:52 - 2013-01-07 19:52 - 00000000 ____D C:\Users\Kourosh\Downloads\Math Worksheet 1_files
2013-01-02 19:26 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Gramatik_Discography_(2008-2010)
2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Thievery Corporation - It Takes A Thief [The Very Best Of Thievery Corporation] (2010) mp3 320 vtwin88cube
2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\St Germain - Tourist (2000)
2013-01-02 19:25 - 2013-01-02 19:25 - 00000000 ____D C:\Users\Kourosh\Desktop\Beats Antique - Collide
2013-01-02 19:25 - 2013-01-02 19:24 - 00000000 ____D C:\Users\Kourosh\Desktop\RJD2
2013-01-02 19:24 - 2013-01-02 19:23 - 00000000 ____D C:\Users\Kourosh\Desktop\Madvillain - Madvillainy
2013-01-01 21:06 - 2013-01-01 21:04 - 39401336 ____A (Apple Inc.) C:\Users\Kourosh\Downloads\QuickTimeInstaller (1).exe
2013-01-01 21:04 - 2013-01-01 21:04 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-01-01 21:04 - 2013-01-01 21:03 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-01-01 21:03 - 2013-01-01 21:02 - 39401336 ____A (Apple Inc.) C:\Users\Kourosh\Downloads\QuickTimeInstaller.exe
2012-12-24 12:48 - 2012-09-03 22:40 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-12-21 12:34 - 2012-12-21 12:34 - 00262192 ____A C:\Windows\Minidump\122112-28454-01.dmp
2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files\iTunes
2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files\iPod
2012-12-17 21:32 - 2012-12-17 21:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-17 21:32 - 2012-11-23 09:12 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-17 19:45 - 2012-12-17 19:45 - 00652072 ____A (ADK Apps) C:\Users\Kourosh\Downloads\mplayer_Setup.exe
2012-12-17 13:32 - 2012-12-17 13:32 - 00002487 ____A C:\Users\Kourosh\Desktop\PlanetSide 2.lnk
2012-12-17 13:31 - 2012-12-17 13:30 - 19997264 ____A C:\Users\Kourosh\Downloads\PS2_setup.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-21 03:00:16
Restore point made on: 2012-12-29 00:03:10
Restore point made on: 2013-01-01 21:03:35
Restore point made on: 2013-01-03 03:00:27
Restore point made on: 2013-01-10 03:00:26
Restore point made on: 2013-01-14 13:20:44
Restore point made on: 2013-01-14 13:28:28

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8189.24 MB
Available physical RAM: 7359.95 MB
Total Pagefile: 8187.44 MB
Available Pagefile: 7351.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:343.64 GB) NTFS
2 Drive e: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
3 Drive f: (Elements) (Fixed) (Total:298.09 GB) (Free:188.71 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Elements NTFS Partition 298 GB Healthy

=========================================================

Last Boot: 2013-01-14 01:06

==================== End Of Log =============================
 