Mugi

Hi, I apologize for the late reply, work has been a bit hectic recently. hxxps://b.catgirlsare.sexy/MkUJ.png Feel free to use that link as a means of checking the block. As you can see, it just says it's blocked due to riskware and there's nothing in the developer console from Chrome. Please let me know if you need anything else. Thanks!

This now occurs only when visiting a page that is not the home page of the website, this includes images, webms, mp4s, etc. Please look.

We cleaned this up in the past, you can see it here: and we're not being blocked by the Premium version of MBAM. Please take a look.

Hi Dashke, Obviously I'm very disappointed to hear that users have been using my site to host files maliciously, the user in question has been punished accordingly and all of their uploads have been removed, we will be setting up an anti-virus to run on the server that will be scanning all 30GB of files every single day to ensure that we can catch the malware now and in the future before it can harm anyone else, and we will be tightening up on our upload rules as a result. I hope that in the future you won't be finding malware on our site anymore and we can be removed from the blacklist. Jake

Hi, I'm Jake from hxxp://www.catgirlsare.sexy, recently MBAM has started flagging my file host (containing around 1,600 other users) as "riskware", what exactly have we done to be considered riskware? This is obviously very important to me, as the owner (and host) of this website, if there is anything we can do to avoid being flagged, please let me know. This also goes for malware reports, we take any reports of malware very seriously and would be glad to take down any offending or malicious files. Thanks for any help.

Your physical memory usage is far from high, it's quite low actually I have 8GB DDR3 @ 669mhz and my physical memory lingers anywhere between 38% to 40% usually.

Which image? My Signature? Sure, I could remove it.

Oh dear, I should've made myself more clear, I do apologize.

Okay, please open task manager and click on the Memory tab then have it list from the highest down, I'd just like to see what is eating up all your RAM.

Always happy to be of help! I was going to post it in the malware section, but most of that stuff is samples and mine was no more than a link. I remember the link exactly because I did a google search again and got the exact same result for the exact same search, safe surfing!

How much "junk" do you have running? I know some laptops you get from places like best buy have junk plastered on them for ad purposes and other stupid things and it makes them quite clogged up. Considered a fresh reinstall yet?

You've got a fairly good CPU and amount of RAM, try keeping anything that's not being used closed E.G. Firefox, Steam, Skype, Yahoo, MSN, anything that you see eating up a lot of RAM you should go ahead and close to keep your PC running smoothly.

Well, I got infected by ZeroAccess when I was browsing google for a fix to my soundcard bug where my soundcard randomly stops playing sound and requires me to log off and log back on. I found a site with someone posting the exact same thing as me, I clicked it hoping for a reply. What I didn't get was a reply, what I did get was infected by ZeroAccess, the site that I'd gone to was very old and seemingly outdated and with ZeroAccess just now throwing out an appearance it seems it must've been hijacked, the site was http://www.ihav.net (feel free to edit my post and remove that if you deem fit.)

Let me ask you, may I have your full specs? As well as do you keep programs that you are not using running?

You too, take care of yourself! Mods, feel free to lock this thread now!

Thanks for the help MrCharlie, I'd donate to you but I'm quite broke right now! Do you accept gratitude from a 2nd year high schooler as a donation?

Seems to be pretty good, nothing unusual happening anymore not that there was much from the start other than ZoneAlarm and Avast! going nuts about it connecting to the internet, seems to have been toasted. Thanks!

Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.30.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Jake :: JAKE-PC [administrator] 7/30/2012 10:33:08 AM mbam-log-2012-07-30 (10-33-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 199435 Time elapsed: 2 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Jake [Admin rights] Mode: Scan -- Date: 07/30/2012 10:30:06 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 5 ¤¤¤ [sUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST315003 41AS SATA Disk Device +++++ --- User --- [MBR] 5803beb5b57a1e0640dbce950ddc21e1 [bSP] a69242f73d572ad8e0f93af1985c5cda : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430695 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[5].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Jake [Admin rights] Mode: Remove -- Date: 07/30/2012 10:19:13 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 5 ¤¤¤ [sUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> NOT SELECTED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED [HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> REMOVED [ZeroAccess][FOLDER] U : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> REMOVED [ZeroAccess][FOLDER] L : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> REMOVED [ZeroAccess][FILE] @ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> REMOVED [Del.Parent][FILE] 00000004.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\00000004.@ --> REMOVED [Del.Parent][FILE] 000000cb.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\000000cb.@ --> REMOVED [Del.Parent][FILE] 80000000.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000000.@ --> REMOVED [Del.Parent][FILE] 80000064.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000064.@ --> REMOVED [ZeroAccess][FOLDER] U : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> REMOVED [Del.Parent][FILE] 00000004.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L\00000004.@ --> REMOVED [ZeroAccess][FOLDER] L : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> REMOVED ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST315003 41AS SATA Disk Device +++++ --- User --- [MBR] 5803beb5b57a1e0640dbce950ddc21e1 [bSP] a69242f73d572ad8e0f93af1985c5cda : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430695 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

The registry keys are no longer appearing

Here's the log from ComboFix. ComboFix 12-07-30.01 - Jake 07/30/2012 8:56.1.6 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8152.5301 [GMT -7:00] Running from: c:\users\Jake\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1049328536 c:\programdata\1071462648 c:\programdata\1100453104 c:\programdata\1416091096 c:\programdata\1423299904 c:\programdata\1439640296 c:\programdata\150538824 c:\programdata\1674503584 c:\programdata\1750229800 c:\programdata\2007857088 c:\programdata\2013857328 c:\programdata\2075215336 c:\programdata\2294935064 c:\programdata\2337409904 c:\programdata\2409023008 c:\programdata\2591855232 c:\programdata\2832576568 c:\programdata\2833106928 c:\programdata\2945740288 c:\programdata\2983350544 c:\programdata\3134729072 c:\programdata\315938136 c:\programdata\3279682208 c:\programdata\3322803440 c:\programdata\3415614408 c:\programdata\3420621328 c:\programdata\3518799800 c:\programdata\3556148592 c:\programdata\3594091064 c:\programdata\3663386168 c:\programdata\3771992848 c:\programdata\3834173464 c:\programdata\3924327912 c:\programdata\3964628648 c:\programdata\4018372208 c:\programdata\4184667248 c:\programdata\4214289392 c:\programdata\423347920 c:\programdata\4241437696 c:\programdata\433129112 c:\programdata\472542592 c:\programdata\544034144 c:\programdata\57711568 c:\programdata\627053344 c:\programdata\688815448 c:\programdata\84420680 c:\users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0ECAF8DC-DB31-4545-9115-D60B5E29D7A1}.xps c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\SysWow64\tmp46A0.tmp c:\windows\SysWow64\tmp46DF.tmp . . ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 ))))))))))))))))))))))))))))))) . . 2012-07-30 16:43 . 2012-07-30 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-30 15:47 . 2012-07-30 15:47 -------- d-----w- C:\FRST 2012-07-30 06:56 . 2012-07-30 06:56 -------- d-----w- c:\program files (x86)\Screaming Bee 2012-07-30 06:48 . 2012-07-30 06:49 -------- d-----w- c:\users\Jake\AppData\Roaming\Nico Mak Computing 2012-07-30 06:48 . 2011-11-10 17:33 18760 ----a-w- c:\windows\system32\roboot64.exe 2012-07-30 06:43 . 2012-07-30 06:43 -------- d-----w- C:\AV_LOGS 2012-07-30 06:38 . 2012-07-30 06:38 -------- d-----w- c:\users\Jake\AppData\Roaming\Avnex 2012-07-30 06:37 . 2008-12-26 19:56 21504 ----a-w- c:\windows\system32\drivers\vcsvad.sys 2012-07-30 06:37 . 2012-07-30 06:47 -------- d-----w- c:\program files (x86)\AV Vcs 7.0 DIAMOND 2012-07-30 02:03 . 2012-07-30 02:03 -------- d-----w- c:\users\Jake\AppData\Roaming\Gyazo 2012-07-30 02:03 . 2012-07-30 02:03 -------- d-----w- c:\program files (x86)\Gyazo 2012-07-28 15:53 . 2012-07-28 15:55 -------- d-----w- C:\srcds_css 2012-07-27 12:17 . 2012-07-27 12:17 -------- d-----w- c:\program files (x86)\SplitMediaLabs 2012-07-27 07:17 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71AFBCE6-5224-4057-9161-CAE12920C093}\mpengine.dll 2012-07-25 15:03 . 2012-07-25 15:03 0 ----a-w- c:\windows\SysWow64\sho7B8C.tmp 2012-07-24 14:23 . 2012-07-24 14:23 -------- d-----w- c:\users\Jake\Autodesk 2012-07-24 06:03 . 2012-07-24 06:03 -------- d-----w- c:\users\Jake\Softimage 2012-07-24 05:56 . 2012-07-24 08:32 -------- d-----w- C:\Decompiled Models 2012-07-24 05:47 . 2012-07-24 05:47 -------- d-----w- c:\program files\Common Files\Softimage 2012-07-24 05:47 . 2012-07-24 14:33 -------- d-----w- C:\Softimage 2012-07-24 05:46 . 2012-07-24 14:22 -------- d-----w- c:\program files (x86)\Common Files\Softimage 2012-07-24 05:44 . 2007-08-15 01:12 45056 ------w- c:\windows\SysWow64\XSIChooser.exe 2012-07-24 05:43 . 2012-07-24 05:43 -------- d-----w- c:\program files\Blender Foundation 2012-07-24 05:41 . 2012-07-24 05:43 -------- d-----w- C:\XSI6 2012-07-24 05:41 . 2012-07-24 05:41 -------- d-----w- c:\program files (x86)\XSI6 2012-07-24 05:40 . 2012-07-24 05:40 -------- d-----w- c:\users\Jake\AppData\Roaming\InstallShield 2012-07-24 05:37 . 2012-07-24 05:37 -------- d-----w- c:\program files\StudioCompiler 2012-07-23 09:30 . 2012-07-23 11:26 -------- d-----w- c:\users\Jake\AppData\Local\SingularityViewer 2012-07-23 09:30 . 2012-07-23 09:31 -------- d-----w- c:\users\Jake\AppData\Roaming\SecondLife 2012-07-23 09:25 . 2012-07-23 09:26 -------- d-----w- c:\program files (x86)\Singularity 2012-07-22 02:22 . 2012-07-21 08:55 -------- d-----w- c:\program files (x86)\osu! 2012-07-22 02:22 . 2012-07-22 02:22 -------- d-----w- c:\users\Jake\AppData\Roaming\Downloaded Installations 2012-07-14 19:30 . 2012-07-14 19:30 -------- d-----w- c:\programdata\ATI 2012-07-14 19:29 . 2012-07-14 19:29 -------- d-----w- c:\program files (x86)\AMD AVT 2012-07-14 19:29 . 2012-07-14 19:29 -------- d-----w- c:\program files (x86)\AMD APP 2012-07-13 22:02 . 2012-07-13 22:02 -------- d-----w- c:\users\Jake\AppData\Local\Oblivion 2012-07-13 02:48 . 2012-07-13 02:48 -------- d-----w- c:\programdata\TamoSoft 2012-07-13 02:47 . 2012-07-13 02:51 -------- d-----w- c:\program files (x86)\CommView 2012-07-12 20:43 . 2012-07-12 20:43 -------- d-----w- c:\users\Jake\temp 2012-07-12 18:20 . 2012-06-18 20:34 19032 ------w- c:\windows\system32\pwdrvio.sys 2012-07-12 18:20 . 2012-06-18 20:34 2966720 ----a-w- c:\windows\system32\pwNative.exe 2012-07-12 18:20 . 2012-06-18 20:34 12384 ------w- c:\windows\system32\pwdspio.sys 2012-07-12 18:20 . 2012-07-12 18:20 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 7.5 2012-07-12 18:18 . 2012-07-12 18:18 -------- d-----w- c:\program files (x86)\Xiph.Org 2012-07-12 18:18 . 2012-07-12 18:18 -------- d-----w- c:\program files (x86)\Ta0 Software 2012-07-12 03:35 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 04:11 . 2012-07-11 04:11 -------- d-----w- c:\users\Jake\AppData\Roaming\QFX Software 2012-07-11 04:11 . 2012-07-11 04:11 -------- d-----w- c:\programdata\QFX Software 2012-07-11 04:10 . 2012-07-11 04:10 -------- d-----w- c:\program files (x86)\KeyScrambler 2012-07-11 04:10 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys 2012-07-11 03:43 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\system32\explorer.exe 2012-07-06 19:34 . 2012-07-06 19:34 -------- d-----w- c:\users\Jake\AppData\Local\4A Games 2012-07-06 17:21 . 2012-07-06 17:21 -------- d-----w- c:\users\Jake\AppData\Local\My Games 2012-07-06 17:11 . 2012-07-06 18:39 -------- d-----w- c:\program files (x86)\Sid Meier's Civilization V 2012-07-04 11:30 . 2012-07-04 11:30 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2 2012-07-01 07:03 . 2010-12-07 21:12 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys 2012-07-01 07:03 . 2010-12-07 21:12 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys 2012-07-01 07:03 . 2010-12-07 21:12 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys 2012-07-01 07:03 . 2010-12-07 21:12 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys 2012-07-01 07:03 . 2012-07-01 07:03 -------- d-----w- c:\program files (x86)\LG Electronics 2012-07-01 01:36 . 2012-07-01 01:36 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys 2012-07-01 01:36 . 2012-07-01 01:36 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-26 08:55 . 2012-05-06 00:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-26 08:55 . 2012-01-07 03:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 19:10 . 2012-03-25 05:48 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-07-12 19:10 . 2012-03-24 09:49 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-07-12 19:06 . 2012-03-24 09:49 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-07-12 03:32 . 2012-01-18 07:01 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 20:46 . 2012-01-18 05:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-03 16:21 . 2012-02-24 22:01 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-07-03 16:21 . 2012-02-24 22:00 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-07-03 16:21 . 2012-02-24 22:00 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-07-03 16:21 . 2012-02-24 22:00 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-07-03 16:21 . 2012-01-18 06:51 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2012-01-18 06:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2012-01-18 06:51 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2012-01-18 06:51 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2012-01-18 06:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2012-01-18 06:50 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2012-01-18 06:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-07-03 16:21 . 2012-01-18 06:24 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-11 20:50 . 2012-06-11 20:50 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 20:50 . 2012-06-11 20:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-06-11 20:50 . 2012-06-11 20:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-06-11 20:50 . 2012-06-11 20:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll 2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll 2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-06-11 17:24 . 2011-11-10 03:16 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-06-11 17:23 . 2011-11-10 03:15 1090560 ----a-w- c:\windows\system32\aticfx64.dll 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-06-11 17:16 . 2011-11-10 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-06-11 17:01 . 2011-11-10 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll 2012-06-11 16:51 . 2011-11-10 02:40 4246528 ----a-w- c:\windows\system32\atiumd6a.dll 2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-06-11 16:45 . 2011-11-10 02:33 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll 2012-06-11 16:43 . 2011-11-10 02:29 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-06-11 16:36 . 2011-11-10 02:24 6605824 ----a-w- c:\windows\system32\atiumd64.dll 2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-06-11 16:25 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-06-11 16:25 . 2011-11-10 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-06-11 16:25 . 2011-11-10 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll 2012-06-11 16:24 . 2011-11-10 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-06-02 22:19 . 2012-06-22 09:04 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 09:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 09:04 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 09:04 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 09:04 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:19 . 2012-06-22 09:04 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 09:04 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 09:04 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:15 . 2012-06-22 09:04 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-05-31 19:25 . 2012-01-07 03:39 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-21 07:41 . 2012-03-24 09:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-05-18 04:01 . 2012-05-18 04:01 889219 ----a-w- c:\windows\OccupationCS_ Source Uninstaller.exe 2012-05-15 04:01 . 2012-06-13 02:52 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:59 . 2012-06-13 02:52 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:03 . 2012-06-13 02:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-11 11:26 . 2012-03-26 05:31 2250024 ----a-w- c:\windows\SysWow64\Pbsvc.exe 2012-05-10 23:35 . 2012-05-10 23:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll 2012-05-10 23:35 . 2012-05-10 23:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll 2012-05-04 11:06 . 2012-06-13 02:52 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 02:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 02:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 22:29 . 2012-05-01 22:29 0 ----a-w- c:\windows\SysWow64\pro98CB.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-05-28 1242448] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] "Spotify Web Helper"="c:\users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-30 1193176] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "GPU TweakIt Server Execute"="c:\program files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe" [2011-05-03 1384064] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-06-12 1349632] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-19 241789] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-20 73360] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] . c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304] R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304] R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2011-02-21 31336] R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2011-02-21 157288] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-01-07 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-07 79360] R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 21608] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 22120] R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-16 32872] S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-05-24 171688] S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616] S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-03-16 33672] S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-03-16 827520] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-10 2673064] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 e1qexpress;Intel® PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [2011-06-21 336048] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-02-02 66728] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 222904] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-10-15 674304] S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys [2010-04-29 45160] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232] S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288] S3 USBUAA;USB Audio Class 2.0 Device Driver;c:\windows\system32\DRIVERS\USBUAA.SYS [2011-01-24 97024] S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 08:55] . 2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000Core.job - c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 10:46] . 2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000UA.job - c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 10:46] . 2012-07-30 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000Core.job - c:\users\Jake\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-03-24 05:19] . 2012-07-30 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000UA.job - c:\users\Jake\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-03-24 05:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152] "Cm6620Sound"="c:\program files\ROG Thunderbolt Audio\CPL\ROG ThunderBolt Audio.exe" [2011-02-24 311296] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-03-16 1126528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\dnk3buf3.default\ . - - - - ORPHANS REMOVED - - - - . HKLM-Run-GX_Hook - c:\program files\ROG Thunderbolt Audio\CPL\HsMgr.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe AddRemove-Libra_is1 - c:\program files (x86)\Libra\unins000.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-Sandbox - c:\program files (x86)\Steam\steamapps\common\Battlefield 2\mods\sandbox\uninstall_sandbox.exe AddRemove-{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1 - c:\program files (x86)\bitComposer Games\S.T.A.L.K.E.R. - Call of Pripyat\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3825957713-1901933741-4195240163-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92424D96-8710-044E-768D-AC50BFF36B82}*] "ialekogmnimibogleo"=hex:6a,61,65,64,70,6c,64,62,6d,70,6b,64,68,6f,6b,6f,67,6f, 66,70,00,00 "hajeaohnmlidkail"=hex:6a,61,70,63,69,6c,65,61,64,70,69,61,6c,69,65,67,6d,6a, 61,66,00,00 "iapacdaeeccgogddaf"=hex:63,61,61,64,61,6a,00,00 . [HKEY_USERS\S-1-5-21-3825957713-1901933741-4195240163-1000\Software\SecuROM\License information*] "datasecu"=hex:0c,57,e7,e9,b7,73,a3,76,c2,e5,7d,8b,c4,0d,bc,5e,f9,47,29,38,bb, 47,d1,1d,a0,ac,53,4e,a5,e1,67,36,00,f2,d4,70,2a,f3,14,f9,bf,71,55,37,3d,9e,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\DAODx.exe c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\xampp\mysql\bin\mysqld.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe . ************************************************************************** . Completion time: 2012-07-30 09:54:31 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-30 16:54 . Pre-Run: 1,065,325,658,112 bytes free Post-Run: 1,068,293,672,960 bytes free . - - End Of File - - 3052EB4B5698A51DF3946A9F2A9AF046

I apologize for the late response, been a little busy today with work and parents, here's the FRST log! Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01 Ran by Jake at 30-07-2012 08:47:35 Running from C:\Users\Jake\Desktop Service Pack 1 (X64) OS Language: English(US) Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process. ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY. ============ One Month Created Files and Folders ============== 2012-07-30 07:43 - 2012-07-30 07:43 - 01438391 ____A (Farbar) C:\Users\Jake\Desktop\FRST64.exe 2012-07-30 07:36 - 2012-07-30 07:36 - 00003339 ____A C:\Users\Jake\Desktop\RKreport[1].txt 2012-07-30 07:35 - 2012-07-30 07:36 - 00000000 ____D C:\Users\Jake\Desktop\RK_Quarantine 2012-07-30 07:18 - 2012-07-30 07:19 - 01552384 ____A C:\Users\Jake\Desktop\RogueKiller.exe 2012-07-30 05:00 - 2012-07-30 05:00 - 00146694 ____A C:\Users\Jake\Desktop\OTL.Txt 2012-07-30 04:53 - 2012-07-30 04:53 - 00881494 ____A C:\Users\Jake\Desktop\SecurityCheck.exe 2012-07-30 04:53 - 2012-07-30 04:53 - 00596480 ____A (OldTimer Tools) C:\Users\Jake\Desktop\OTL.exe 2012-07-30 04:47 - 2012-07-30 04:47 - 00044465 ____A C:\Users\Jake\Desktop\DDS.txt 2012-07-30 04:47 - 2012-07-30 04:47 - 00021226 ____A C:\Users\Jake\Desktop\Attach.txt 2012-07-30 04:43 - 2012-07-30 04:43 - 00607260 ____R (Swearware) C:\Users\Jake\Desktop\dds.com 2012-07-29 23:56 - 2012-07-29 23:56 - 00000000 ____D C:\Program Files (x86)\Screaming Bee 2012-07-29 23:55 - 2012-07-29 23:56 - 05221800 ____A C:\Users\Jake\Downloads\MorphVOXPro4_Install-1.exe 2012-07-29 23:48 - 2012-07-29 23:49 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Nico Mak Computing 2012-07-29 23:48 - 2012-07-29 23:48 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk 2012-07-29 23:48 - 2011-11-10 10:33 - 00018760 ____A (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\System32\roboot64.exe 2012-07-29 23:38 - 2012-07-29 23:38 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Avnex 2012-07-29 23:37 - 2012-07-29 23:47 - 00000000 ____D C:\Program Files (x86)\AV Vcs 7.0 DIAMOND 2012-07-29 23:37 - 2008-12-26 12:56 - 00021504 ____A (Avnex) C:\Windows\System32\Drivers\vcsvad.sys 2012-07-29 19:03 - 2012-07-29 19:03 - 01552078 ____A (Toshiyuki Masui ) C:\Users\Jake\Downloads\Gyazo-1.0.exe 2012-07-29 19:03 - 2012-07-29 19:03 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Gyazo 2012-07-29 19:03 - 2012-07-29 19:03 - 00000000 ____D C:\Program Files (x86)\Gyazo 2012-07-29 18:34 - 2012-07-29 18:34 - 00000000 ____D C:\Users\Jake\AppData\Local\{15E2F146-90F0-4C9C-95D6-1900F5E5BF8F} 2012-07-29 18:22 - 2012-07-29 18:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{B9CB18BA-9434-4899-A61A-48F5232903CE} 2012-07-29 18:20 - 2012-07-29 18:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{6A0F40FE-78BA-41E2-BDA2-081C55AB1985} 2012-07-29 18:16 - 2012-07-29 18:16 - 463412638 ____A C:\Windows\MEMORY.DMP 2012-07-29 18:16 - 2012-07-29 18:16 - 00275680 ____A C:\Windows\Minidump\072912-29343-01.dmp 2012-07-29 18:16 - 2012-07-29 18:16 - 00000000 ____D C:\Windows\Minidump 2012-07-28 08:53 - 2012-07-28 08:55 - 00000000 ____D C:\srcds_css 2012-07-28 08:53 - 2012-07-28 08:53 - 00703533 ____A C:\Users\Jake\Downloads\hldsupdatetool.exe 2012-07-27 05:17 - 2012-07-27 05:17 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs 2012-07-27 00:11 - 2012-07-27 00:12 - 00000000 ____D C:\Users\Jake\AppData\Local\{8C5558BD-1217-47EC-8348-B4FC7B181222} 2012-07-27 00:11 - 2012-07-27 00:11 - 00000000 ____D C:\Users\Jake\AppData\Local\{B53E15A2-5606-4E17-A74B-2222D584AA1A} 2012-07-25 17:15 - 2012-07-25 17:15 - 00000000 ____D C:\Users\Jake\AppData\Local\{5221ECD6-70AC-4189-8533-4C96BEB1BF92} 2012-07-25 17:14 - 2012-07-25 17:15 - 00000000 ____D C:\Users\Jake\AppData\Local\{109EBE23-8930-4CA4-9942-17FB586F0DC8} 2012-07-25 08:03 - 2012-07-25 08:03 - 00000000 ____A C:\Windows\SysWOW64\sho7B8C.tmp 2012-07-24 07:23 - 2012-07-24 07:23 - 00000000 ____D C:\Users\Jake\Autodesk 2012-07-24 07:21 - 2009-07-08 13:31 - 02361541 ____A C:\Users\Jake\Desktop\ValveSource.6.02.xsiaddon 2012-07-24 07:13 - 2012-07-24 07:18 - 466912227 ____A (Softimage ) C:\Users\Jake\Downloads\setup_XSIDEMO_Mod Tool_7_5_203_win32.exe 2012-07-23 23:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\Jake\Softimage 2012-07-23 22:56 - 2012-07-24 01:32 - 00000000 ____D C:\Decompiled Models 2012-07-23 22:54 - 2012-07-23 22:55 - 00000000 ____D C:\Users\Jake\Documents\Source SDK Models 2012-07-23 22:47 - 2012-07-24 07:33 - 00000000 ____D C:\Softimage 2012-07-23 22:47 - 2012-07-23 22:47 - 00000000 ____D C:\Program Files\Common Files\Softimage 2012-07-23 22:44 - 2007-08-14 18:12 - 00045056 ____N C:\Windows\SysWOW64\XSIChooser.exe 2012-07-23 22:43 - 2012-07-23 22:43 - 00000000 ____D C:\Program Files\Blender Foundation 2012-07-23 22:43 - 2009-06-10 14:00 - 00017463 ____A C:\Windows\System32\Drivers\etc\SERVICES_XSI_6 Mod Tool_7-23-2012_22-43-49.backup 2012-07-23 22:41 - 2012-07-23 22:43 - 00000000 ____D C:\XSI6 2012-07-23 22:41 - 2012-07-23 22:42 - 33231558 ____A C:\Users\Jake\Downloads\blender-2.63a-release-windows64.exe 2012-07-23 22:41 - 2012-07-23 22:41 - 00000000 ____D C:\Program Files (x86)\XSI6 2012-07-23 22:40 - 2012-07-23 22:40 - 00000000 ____D C:\Users\Jake\AppData\Roaming\InstallShield 2012-07-23 22:37 - 2012-07-23 22:37 - 01429503 ____A C:\Users\Jake\Downloads\StudioCompilerSetup.V0.4A.exe 2012-07-23 22:37 - 2012-07-23 22:37 - 00000000 ____D C:\Program Files\StudioCompiler 2012-07-23 22:35 - 2012-07-23 22:40 - 452859502 ____A (Softimage ) C:\Users\Jake\Downloads\SOFTIMAGE_XSI_6_ModTool.exe 2012-07-23 22:35 - 2012-07-23 22:35 - 00561878 ____A (Ryan Gregg ) C:\Users\Jake\Downloads\gcfscape182.exe 2012-07-23 02:30 - 2012-07-23 04:26 - 00000000 ____D C:\Users\Jake\AppData\Local\SingularityViewer 2012-07-23 02:30 - 2012-07-23 02:31 - 00000000 ____D C:\Users\Jake\AppData\Roaming\SecondLife 2012-07-23 02:25 - 2012-07-23 02:26 - 00000000 ____D C:\Program Files (x86)\Singularity 2012-07-23 02:25 - 2012-07-23 02:25 - 24985451 ____A C:\Users\Jake\Downloads\Singularity_1-7-0-2621_Setup.exe 2012-07-22 18:07 - 2012-07-22 18:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{DBDD9AC0-9198-46B1-9E23-2FB13656B9FD} 2012-07-22 18:06 - 2012-07-22 18:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{4D44C76F-5237-4F1B-8EF2-B1C7D1ABAE74} 2012-07-21 19:22 - 2012-07-21 19:22 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Downloaded Installations 2012-07-21 19:22 - 2012-07-21 01:55 - 00000000 ____D C:\Program Files (x86)\osu! 2012-07-21 19:21 - 2012-07-21 19:22 - 24610144 ____A (peppy) C:\Users\Jake\Downloads\osu!install.exe 2012-07-21 16:20 - 2012-07-21 16:20 - 00000000 ____D C:\Users\Jake\AppData\Local\{6C9420D7-0894-4E63-9A59-2A4D0A8F91F8} 2012-07-21 16:20 - 2012-07-21 16:20 - 00000000 ____D C:\Users\Jake\AppData\Local\{169F9A77-D2EE-4BBD-B327-83899DDDBD5D} 2012-07-21 14:59 - 2012-07-21 14:59 - 00000000 ____D C:\Users\Jake\AppData\Local\{6124433F-593F-4EDA-8B83-C60789FC2E55} 2012-07-21 14:58 - 2012-07-21 14:59 - 00000000 ____D C:\Users\Jake\AppData\Local\{DF885A2D-8130-4769-8A60-9278568BE80D} 2012-07-20 22:20 - 2012-07-20 22:20 - 00000000 ____D C:\Users\Jake\Desktop\basewars 2012-07-20 15:07 - 2012-07-20 15:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{A7FE924A-30D6-40DE-B38C-3600F7857282} 2012-07-19 14:08 - 2012-07-19 14:08 - 00000000 ____D C:\Users\Jake\AppData\Local\{4C86C355-6F79-416E-9835-71DF5F093C2F} 2012-07-19 14:07 - 2012-07-19 14:08 - 00000000 ____D C:\Users\Jake\AppData\Local\{8224FEA0-23DE-44B6-9BAE-974BAD46EC68} 2012-07-18 19:21 - 2012-07-18 19:54 - 00000000 ____D C:\Users\Jake\Desktop\reichbot 2012-07-18 17:30 - 2012-07-18 17:30 - 00000000 ____D C:\Users\Jake\AppData\Local\{9A84C62B-9A0A-4CED-A34C-64546C42D723} 2012-07-18 17:29 - 2012-07-18 17:30 - 00000000 ____D C:\Users\Jake\AppData\Local\{2DE247D8-D16B-4A99-BBF9-AEF85DB8E267} 2012-07-18 13:28 - 2012-07-18 13:28 - 00000000 ____D C:\Users\Jake\AppData\Local\{EB0E8DF2-A3C9-4350-BA48-48C0B7DD4171} 2012-07-18 13:28 - 2012-07-18 13:28 - 00000000 ____D C:\Users\Jake\AppData\Local\{5DB41283-DFB5-4EA5-86C4-AA75AD931B53} 2012-07-17 14:03 - 2012-07-17 14:03 - 00000000 ____D C:\Users\Jake\AppData\Local\{DFC91A96-136D-45F3-803E-8CF57F28A854} 2012-07-17 14:03 - 2012-07-17 14:03 - 00000000 ____D C:\Users\Jake\AppData\Local\{390FF505-96DD-4B44-993C-53ABB063F4B6} 2012-07-17 00:02 - 2012-07-17 00:02 - 01282568 ____A (Avira Operations GmbH & Co. KG) C:\Users\Jake\Downloads\AviraDNSRepairEN.exe 2012-07-16 15:25 - 2012-07-16 15:25 - 00000000 ____D C:\Users\Jake\AppData\Local\{F5CC4687-3CAA-4B95-84CB-8CD8B13D0A93} 2012-07-16 15:25 - 2012-07-16 15:25 - 00000000 ____D C:\Users\Jake\AppData\Local\{29876460-1A67-4F59-B949-0F1D67F772D1} 2012-07-15 16:37 - 2012-07-15 16:37 - 00000000 ____D C:\Users\Jake\AppData\Local\{ED171093-46CD-4AC5-890D-A65D0DAB8DD3} 2012-07-15 13:37 - 2012-07-15 13:37 - 00000000 ____D C:\Users\Jake\AppData\Local\{D77CAAA4-CAE8-4B13-AFC2-098266D40AD2} 2012-07-14 12:30 - 2012-07-14 12:30 - 00000000 ____D C:\Users\All Users\ATI 2012-07-14 12:29 - 2012-07-14 12:29 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2012-07-14 12:29 - 2012-07-14 12:29 - 00000000 ____D C:\Program Files (x86)\AMD APP 2012-07-14 12:15 - 2012-07-14 12:16 - 00000000 ____D C:\Users\Jake\AppData\Local\{167DB4D3-FFEE-49E8-952B-5D3FACAC2333} 2012-07-14 12:15 - 2012-07-14 12:15 - 00000000 ____D C:\Users\Jake\AppData\Local\{A206A152-F748-49FB-BC13-272CBB36E247} 2012-07-13 15:10 - 2012-07-14 16:42 - 00000023 ____A C:\Windows\BlendSettings.ini 2012-07-13 15:02 - 2012-07-13 15:02 - 00000000 ____D C:\Users\Jake\AppData\Local\Oblivion 2012-07-13 14:02 - 2012-07-13 14:02 - 00000000 ____D C:\Users\Jake\AppData\Local\{9DD37776-51BF-4B75-8669-22970B86F8F3} 2012-07-13 14:02 - 2012-07-13 14:02 - 00000000 ____D C:\Users\Jake\AppData\Local\{4DF57284-19D7-4BDD-9E27-069F08A1110F} 2012-07-12 19:48 - 2012-07-12 19:48 - 00000000 ____D C:\Users\Jake\Documents\CommView 2012-07-12 19:48 - 2012-07-12 19:48 - 00000000 ____D C:\Users\All Users\TamoSoft 2012-07-12 19:47 - 2012-07-12 19:51 - 00000000 ____D C:\Program Files (x86)\CommView 2012-07-12 11:53 - 2012-07-12 11:53 - 03878112 ____A C:\Users\Jake\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe 2012-07-12 11:30 - 2012-07-12 11:30 - 00000000 ____D C:\Windows\pss 2012-07-12 11:20 - 2012-07-12 11:20 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.5 2012-07-12 11:20 - 2012-06-18 13:34 - 02966720 ____A C:\Windows\System32\pwNative.exe 2012-07-12 11:20 - 2012-06-18 13:34 - 00019032 ____N C:\Windows\System32\pwdrvio.sys 2012-07-12 11:20 - 2012-06-18 13:34 - 00012384 ____N C:\Windows\System32\pwdspio.sys 2012-07-12 11:19 - 2012-07-12 11:19 - 11724064 ____A (MiniTool Solution Ltd. ) C:\Users\Jake\Downloads\pwhe75.exe 2012-07-12 11:18 - 2012-07-12 11:18 - 00000000 ____D C:\Program Files (x86)\Xiph.Org 2012-07-12 11:18 - 2012-07-12 11:18 - 00000000 ____D C:\Program Files (x86)\Ta0 Software 2012-07-12 11:17 - 2012-07-12 11:17 - 03415322 ____A C:\Users\Jake\Downloads\Steamp3Setup_1.0.96.exe 2012-07-12 11:02 - 2012-07-12 11:02 - 00000000 ____D C:\Users\Jake\AppData\Local\{AAC2F57F-E5EA-4C4F-B0C4-D1DEB3C6BFC1} 2012-07-12 11:02 - 2012-07-12 11:02 - 00000000 ____D C:\Users\Jake\AppData\Local\{44E0ACBA-CE4B-4B51-8EA1-18368089BBC3} 2012-07-11 20:35 - 2012-06-11 20:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-11 17:07 - 2012-06-08 22:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-11 17:07 - 2012-06-08 21:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-11 17:07 - 2012-06-05 23:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-11 17:07 - 2012-06-05 23:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-11 17:07 - 2012-06-05 23:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-11 17:07 - 2012-06-05 22:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-11 17:07 - 2012-06-05 22:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-11 17:07 - 2012-06-05 22:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-11 17:07 - 2012-06-01 22:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-11 17:07 - 2012-06-01 22:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-11 17:07 - 2012-06-01 22:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-11 17:07 - 2012-06-01 22:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-11 17:07 - 2012-06-01 22:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-11 17:07 - 2012-06-01 21:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-11 17:07 - 2012-06-01 21:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-11 17:07 - 2012-06-01 21:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-11 17:07 - 2012-06-01 21:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-11 17:07 - 2010-06-25 20:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-11 17:07 - 2010-06-25 20:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-11 16:55 - 2012-07-11 16:55 - 00000000 ____D C:\Users\Jake\AppData\Local\{4159D3ED-4596-4A25-BB63-EE1CDA9DBED0} 2012-07-11 16:54 - 2012-07-11 16:55 - 00000000 ____D C:\Users\Jake\AppData\Local\{FBE64093-A59A-4552-8ECF-0B38709D1AAD} 2012-07-10 21:23 - 2012-07-10 21:23 - 00000000 ____D C:\Users\Jake\AppData\Local\{CCC02259-012F-4740-8348-AC951C10BD61} 2012-07-10 21:22 - 2012-07-10 21:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{90C5A115-0EF9-4DE6-AB33-49E583185F8F} 2012-07-10 21:11 - 2012-07-10 21:11 - 00000000 ____D C:\Users\Jake\AppData\Roaming\QFX Software 2012-07-10 21:11 - 2012-07-10 21:11 - 00000000 ____D C:\Users\All Users\QFX Software 2012-07-10 21:10 - 2012-07-10 21:10 - 00000000 ____D C:\Program Files (x86)\KeyScrambler 2012-07-10 21:10 - 2011-12-14 17:46 - 00222904 ____A (QFX Software Corporation) C:\Windows\System32\Drivers\keyscrambler.sys 2012-07-10 21:09 - 2012-07-10 21:09 - 01328096 ____A C:\Users\Jake\Downloads\KeyScrambler_Setup.exe 2012-07-10 20:43 - 2011-02-24 22:30 - 02616320 ____A (Microsoft Corporation) C:\Windows\System32\explorer.exe 2012-07-10 16:40 - 2012-07-10 16:40 - 00000000 ____D C:\Users\Jake\AppData\Local\{4C6DF4D7-766A-43B6-B0E6-EECB527A5A80} 2012-07-10 16:36 - 2012-07-10 16:40 - 00000000 ____D C:\Users\Jake\AppData\Local\{4B99D7C4-37AF-44D7-B914-67CA83F83682} 2012-07-10 12:14 - 2012-07-10 12:14 - 00000000 ____D C:\Users\Jake\AppData\Local\{EC85FCB7-800D-4376-B0D8-4913E3A6C255} 2012-07-10 00:35 - 2012-07-10 00:35 - 00000000 ____D C:\Users\Jake\AppData\Local\{F79F155A-3F8D-45C3-A8CE-85D2CFD2B1B3} 2012-07-09 03:45 - 2012-07-09 03:45 - 00000000 ____D C:\Users\Jake\AppData\Local\{9BB8086E-8884-4210-861E-A0B188B52996} 2012-07-09 03:44 - 2012-07-09 03:45 - 00000000 ____D C:\Users\Jake\AppData\Local\{8F569553-5D9C-4934-8BA2-4114959A8DC5} 2012-07-09 00:59 - 2012-07-09 00:59 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk 2012-07-08 02:02 - 2012-07-08 02:02 - 01121818 ____A C:\Users\Jake\Documents\stuff.psd 2012-07-07 23:12 - 2012-07-07 23:12 - 26586887 ____A (Wireshark development team) C:\Users\Jake\Downloads\Wireshark-win64-1.8.0.exe 2012-07-07 22:48 - 2012-07-07 22:48 - 02029704 ____A C:\Users\Jake\Downloads\join.me.exe 2012-07-07 20:41 - 2012-07-07 20:42 - 00000000 ____D C:\Users\Jake\AppData\Local\{0F44F311-86D5-4D58-9563-7B6508400C52} 2012-07-07 20:41 - 2012-07-07 20:41 - 00000000 ____D C:\Users\Jake\AppData\Local\{62789D9F-D0FC-4F44-855E-9A85D9102B41} 2012-07-06 12:36 - 2012-07-06 12:36 - 00000000 ____D C:\Users\Jake\Documents\4A Games 2012-07-06 12:34 - 2012-07-06 12:34 - 00000000 ____D C:\Users\Jake\AppData\Local\4A Games 2012-07-06 10:54 - 2012-07-29 23:49 - 00000000 ____D C:\Users\Jake\Downloads\Metro2033 2012-07-06 10:21 - 2012-07-06 10:21 - 00000000 ____D C:\Users\Jake\AppData\Local\My Games 2012-07-06 10:11 - 2012-07-06 11:39 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V 2012-07-06 09:13 - 2012-07-06 09:13 - 00000000 ____D C:\Users\Jake\Downloads\Civ5 2012-07-05 23:21 - 2012-07-05 23:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{C544EAF0-D3C5-4CC9-AD39-443A8F1CAF7A} 2012-07-05 23:21 - 2012-07-05 23:21 - 00000000 ____D C:\Users\Jake\AppData\Local\{CF7AC9A3-9886-413F-838C-6019C8F2FBDF} 2012-07-05 06:21 - 2012-07-05 06:22 - 00000000 ____D C:\Users\Jake\Desktop\Audiosurf 2012-07-05 02:49 - 2012-07-05 06:21 - 00000000 ____D C:\Users\Jake\Downloads\Audiosurf 2012-07-04 21:44 - 2012-07-04 21:44 - 00000000 ____D C:\Users\Jake\AppData\Local\{FF8AB0BD-4CA8-426A-B249-5ACCF0458ADF} 2012-07-04 21:43 - 2012-07-04 21:44 - 00000000 ____D C:\Users\Jake\AppData\Local\{68809A42-C788-409A-A66D-A0B82DC343CB} 2012-07-04 04:30 - 2012-07-04 04:30 - 00000000 ____D C:\Users\Jake\Documents\My Cheat Tables 2012-07-04 04:30 - 2012-07-04 04:30 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2 2012-07-04 04:28 - 2012-07-04 04:28 - 07275072 ____A (Dark Byte ) C:\Users\Jake\Downloads\CheatEngine62.exe 2012-07-03 17:22 - 2012-07-03 17:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{E60B90A2-A7AB-43B0-8566-740F1009520B} 2012-07-03 17:21 - 2012-07-03 17:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{5E67E9E1-C56A-4521-9B5A-71D1A29967F0} 2012-07-03 09:53 - 2012-07-03 09:53 - 00000000 ____D C:\Users\Jake\AppData\Local\{1DCE1934-15AA-4905-A44C-58D16BA4942B} 2012-07-02 21:51 - 2012-07-09 00:59 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk 2012-07-02 21:33 - 2012-07-06 16:09 - 00000000 ____D C:\Users\Jake\Desktop\SCDS-Lite 2012-07-02 17:07 - 2012-07-02 17:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{1C9944AA-09F5-4D8F-991E-3FC66CA08171} 2012-07-02 17:06 - 2012-07-02 17:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{2FE16230-4C01-4E65-A31C-2F7C8FEEFC9F} 2012-07-02 04:36 - 2012-07-02 04:36 - 00000000 ____D C:\Users\Jake\AppData\Local\{FCDD2055-20E2-474C-A151-74D9DC98024F} 2012-07-02 04:36 - 2012-07-02 04:36 - 00000000 ____D C:\Users\Jake\AppData\Local\{72985C87-F34C-4D84-99E0-DD9CDD363F82} 2012-07-01 19:43 - 2012-07-01 19:43 - 00000000 ____D C:\Users\Jake\AppData\Local\{CCDBD5D4-4CEC-45AE-B1D4-B0201E63D263} 2012-07-01 00:03 - 2012-07-01 00:03 - 00000000 ____D C:\Program Files (x86)\LG Electronics 2012-07-01 00:03 - 2010-12-07 14:12 - 00034304 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgandmodem64.sys 2012-07-01 00:03 - 2010-12-07 14:12 - 00027648 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lganddiag64.sys 2012-07-01 00:03 - 2010-12-07 14:12 - 00027136 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgandgps64.sys 2012-07-01 00:03 - 2010-12-07 14:12 - 00019456 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgandbus64.sys 2012-07-01 00:02 - 2012-07-01 00:02 - 10749912 ____A (Acresso Software Inc. ) C:\Users\Jake\Downloads\LGUnitedMobileDriver_S498MA22_WHQL_ML_Ver_2.2.exe 2012-06-30 18:36 - 2012-06-30 18:36 - 00235936 ____A (Tagès SA) C:\Users\Jake\Downloads\TagesSetup_x64.exe 2012-06-30 18:36 - 2012-06-30 18:36 - 00088480 ____A C:\Windows\System32\Drivers\atksgt.sys 2012-06-30 18:36 - 2012-06-30 18:36 - 00046400 ____A C:\Windows\System32\Drivers\lirsgt.sys 2012-06-30 18:19 - 2012-06-30 18:20 - 00000000 ____D C:\Users\Jake\Documents\stalker-cs 2012-06-30 18:12 - 2012-06-30 18:12 - 00000778 ____A C:\Windows\DXError.log 2012-06-30 16:48 - 2012-06-30 16:48 - 00000000 ____D C:\Users\Jake\AppData\Local\{F2BB0D2C-CD21-4B82-99F6-151A643082AE} 2012-06-30 16:48 - 2012-06-30 16:48 - 00000000 ____D C:\Users\Jake\AppData\Local\{EAAFDC22-6C83-4434-A777-A8BABDD37C74} ============ 3 Months Modified Files ======================== 2012-07-30 08:42 - 2009-07-13 21:45 - 00014288 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-30 08:42 - 2009-07-13 21:45 - 00014288 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-30 08:36 - 2012-01-06 20:02 - 00020252 ____A C:\Users\All Users\Gpu.log 2012-07-30 08:33 - 2009-07-13 21:51 - 00043329 ____A C:\Windows\setupact.log 2012-07-30 08:32 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-30 07:44 - 2009-07-13 22:13 - 00886966 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-30 07:43 - 2012-07-30 07:43 - 01438391 ____A (Farbar) C:\Users\Jake\Desktop\FRST64.exe 2012-07-30 07:41 - 2012-01-06 19:40 - 01876835 ____A C:\Windows\WindowsUpdate.log 2012-07-30 07:36 - 2012-07-30 07:36 - 00003339 ____A C:\Users\Jake\Desktop\RKreport[1].txt 2012-07-30 07:31 - 2012-03-19 03:46 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000UA.job 2012-07-30 07:24 - 2012-03-23 22:19 - 00000924 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000UA.job 2012-07-30 07:19 - 2012-07-30 07:18 - 01552384 ____A C:\Users\Jake\Desktop\RogueKiller.exe 2012-07-30 06:55 - 2012-05-05 17:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-30 05:00 - 2012-07-30 05:00 - 00146694 ____A C:\Users\Jake\Desktop\OTL.Txt 2012-07-30 04:53 - 2012-07-30 04:53 - 00881494 ____A C:\Users\Jake\Desktop\SecurityCheck.exe 2012-07-30 04:53 - 2012-07-30 04:53 - 00596480 ____A (OldTimer Tools) C:\Users\Jake\Desktop\OTL.exe 2012-07-30 04:47 - 2012-07-30 04:47 - 00044465 ____A C:\Users\Jake\Desktop\DDS.txt 2012-07-30 04:47 - 2012-07-30 04:47 - 00021226 ____A C:\Users\Jake\Desktop\Attach.txt 2012-07-30 04:43 - 2012-07-30 04:43 - 00607260 ____R (Swearware) C:\Users\Jake\Desktop\dds.com 2012-07-30 04:36 - 2012-01-06 20:41 - 00026900 ____A C:\Windows\PFRO.log 2012-07-29 23:56 - 2012-07-29 23:55 - 05221800 ____A C:\Users\Jake\Downloads\MorphVOXPro4_Install-1.exe 2012-07-29 23:48 - 2012-07-29 23:48 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk 2012-07-29 22:24 - 2012-03-23 22:19 - 00000872 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000Core.job 2012-07-29 22:14 - 2012-01-10 22:54 - 00570265 ____A C:\Windows\DirectX.log 2012-07-29 19:03 - 2012-07-29 19:03 - 01552078 ____A (Toshiyuki Masui ) C:\Users\Jake\Downloads\Gyazo-1.0.exe 2012-07-29 18:16 - 2012-07-29 18:16 - 463412638 ____A C:\Windows\MEMORY.DMP 2012-07-29 18:16 - 2012-07-29 18:16 - 00275680 ____A C:\Windows\Minidump\072912-29343-01.dmp 2012-07-29 18:16 - 2012-01-17 23:26 - 00415916 ____A C:\Windows\System32\Drivers\vsconfig.xml 2012-07-28 17:54 - 2012-02-04 16:16 - 00002002 ___AH C:\Users\Jake\Documents\Default.rdp 2012-07-28 17:31 - 2012-03-19 03:46 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000Core.job 2012-07-28 08:53 - 2012-07-28 08:53 - 00703533 ____A C:\Users\Jake\Downloads\hldsupdatetool.exe 2012-07-26 01:55 - 2012-05-05 17:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-26 01:55 - 2012-01-06 20:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-25 08:03 - 2012-07-25 08:03 - 00000000 ____A C:\Windows\SysWOW64\sho7B8C.tmp 2012-07-24 07:18 - 2012-07-24 07:13 - 466912227 ____A (Softimage ) C:\Users\Jake\Downloads\setup_XSIDEMO_Mod Tool_7_5_203_win32.exe 2012-07-23 23:58 - 2012-06-24 20:49 - 00001560 ____A C:\Windows\Sandboxie.ini 2012-07-23 22:43 - 2009-07-13 19:34 - 00017510 ____A C:\Windows\System32\Drivers\etc\services 2012-07-23 22:42 - 2012-07-23 22:41 - 33231558 ____A C:\Users\Jake\Downloads\blender-2.63a-release-windows64.exe 2012-07-23 22:40 - 2012-07-23 22:35 - 452859502 ____A (Softimage ) C:\Users\Jake\Downloads\SOFTIMAGE_XSI_6_ModTool.exe 2012-07-23 22:37 - 2012-07-23 22:37 - 01429503 ____A C:\Users\Jake\Downloads\StudioCompilerSetup.V0.4A.exe 2012-07-23 22:35 - 2012-07-23 22:35 - 00561878 ____A (Ryan Gregg ) C:\Users\Jake\Downloads\gcfscape182.exe 2012-07-23 02:25 - 2012-07-23 02:25 - 24985451 ____A C:\Users\Jake\Downloads\Singularity_1-7-0-2621_Setup.exe 2012-07-21 19:22 - 2012-07-21 19:21 - 24610144 ____A (peppy) C:\Users\Jake\Downloads\osu!install.exe 2012-07-18 22:57 - 2012-03-14 18:41 - 00032772 ____A C:\Users\Jake\Desktop\gmcl_imakeSEsqueal.dll 2012-07-17 00:02 - 2012-07-17 00:02 - 01282568 ____A (Avira Operations GmbH & Co. KG) C:\Users\Jake\Downloads\AviraDNSRepairEN.exe 2012-07-14 16:42 - 2012-07-13 15:10 - 00000023 ____A C:\Windows\BlendSettings.ini 2012-07-12 12:10 - 2012-03-24 22:48 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2012-07-12 12:10 - 2012-03-24 02:49 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2012-07-12 12:06 - 2012-03-24 02:49 - 00282864 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2012-07-12 11:53 - 2012-07-12 11:53 - 03878112 ____A C:\Users\Jake\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe 2012-07-12 11:19 - 2012-07-12 11:19 - 11724064 ____A (MiniTool Solution Ltd. ) C:\Users\Jake\Downloads\pwhe75.exe 2012-07-12 11:17 - 2012-07-12 11:17 - 03415322 ____A C:\Users\Jake\Downloads\Steamp3Setup_1.0.96.exe 2012-07-12 10:58 - 2009-07-13 21:45 - 04828472 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 20:32 - 2012-01-18 00:01 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-10 21:09 - 2012-07-10 21:09 - 01328096 ____A C:\Users\Jake\Downloads\KeyScrambler_Setup.exe 2012-07-09 00:59 - 2012-07-09 00:59 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk 2012-07-09 00:59 - 2012-07-02 21:51 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk 2012-07-08 04:47 - 2012-01-06 20:42 - 00059976 ____A C:\Users\Jake\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-08 02:21 - 2012-04-15 11:08 - 00000132 ____A C:\Users\Jake\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-07-08 02:02 - 2012-07-08 02:02 - 01121818 ____A C:\Users\Jake\Documents\stuff.psd 2012-07-07 23:12 - 2012-07-07 23:12 - 26586887 ____A (Wireshark development team) C:\Users\Jake\Downloads\Wireshark-win64-1.8.0.exe 2012-07-07 22:48 - 2012-07-07 22:48 - 02029704 ____A C:\Users\Jake\Downloads\join.me.exe 2012-07-05 23:37 - 2012-02-21 23:13 - 00010752 ____A C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-07-05 23:21 - 2012-01-17 23:24 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2012-07-04 04:28 - 2012-07-04 04:28 - 07275072 ____A (Dark Byte ) C:\Users\Jake\Downloads\CheatEngine62.exe 2012-07-03 13:46 - 2012-01-17 22:58 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-03 09:21 - 2012-02-24 15:01 - 00142128 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys 2012-07-03 09:21 - 2012-02-24 15:00 - 00266776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys 2012-07-03 09:21 - 2012-02-24 15:00 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys 2012-07-03 09:21 - 2012-02-24 15:00 - 00019600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys 2012-07-03 09:21 - 2012-01-17 23:51 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2012-07-03 09:21 - 2012-01-17 23:51 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2012-07-03 09:21 - 2012-01-17 23:51 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2012-07-03 09:21 - 2012-01-17 23:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2012-07-03 09:21 - 2012-01-17 23:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2012-07-03 09:21 - 2012-01-17 23:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe 2012-07-03 09:21 - 2012-01-17 23:50 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr 2012-07-03 09:21 - 2012-01-17 23:24 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2012-07-01 00:02 - 2012-07-01 00:02 - 10749912 ____A (Acresso Software Inc. ) C:\Users\Jake\Downloads\LGUnitedMobileDriver_S498MA22_WHQL_ML_Ver_2.2.exe 2012-06-30 18:36 - 2012-06-30 18:36 - 00235936 ____A (Tagès SA) C:\Users\Jake\Downloads\TagesSetup_x64.exe 2012-06-30 18:36 - 2012-06-30 18:36 - 00088480 ____A C:\Windows\System32\Drivers\atksgt.sys 2012-06-30 18:36 - 2012-06-30 18:36 - 00046400 ____A C:\Windows\System32\Drivers\lirsgt.sys 2012-06-30 18:12 - 2012-06-30 18:12 - 00000778 ____A C:\Windows\DXError.log 2012-06-27 17:05 - 2012-06-27 17:05 - 00003491 ____A C:\Users\Jake\Desktop\Criminal DoX.txt 2012-06-26 18:02 - 2012-06-26 18:02 - 00889840 ____A C:\Users\Jake\Desktop\Avox-Gaming Metro2033.rar 2012-06-24 20:49 - 2012-06-24 20:49 - 02402064 ____A (SANDBOXIE L.T.D) C:\Users\Jake\Downloads\SandboxieInstall.exe 2012-06-23 18:43 - 2012-06-23 18:43 - 00000020 ____A C:\Users\Jake\Downloads\start.bat.txt 2012-06-22 04:40 - 2012-06-22 04:40 - 10295128 ____A (DevAge, Vestris Inc. & Contributors) C:\Users\Jake\Downloads\Setup.exe 2012-06-20 21:17 - 2012-06-20 21:17 - 00000012 ____A C:\Users\Jake\Desktop\CS GO account.txt 2012-06-18 13:34 - 2012-07-12 11:20 - 02966720 ____A C:\Windows\System32\pwNative.exe 2012-06-18 13:34 - 2012-07-12 11:20 - 00019032 ____N C:\Windows\System32\pwdrvio.sys 2012-06-18 13:34 - 2012-07-12 11:20 - 00012384 ____N C:\Windows\System32\pwdspio.sys 2012-06-16 02:37 - 2012-06-16 02:38 - 00130566 ____A C:\Users\Jake\Desktop\gmcl_midol.dll 2012-06-15 06:44 - 2012-06-15 06:44 - 00002601 ____A C:\Users\Jake\Downloads\Revoltgaming_HL2RP_MySQL.sql 2012-06-11 20:08 - 2012-07-11 20:35 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-11 13:50 - 2012-06-11 13:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll 2012-06-11 13:50 - 2012-06-11 13:50 - 00187392 ____A C:\Windows\System32\clinfo.exe 2012-06-11 13:50 - 2012-06-11 13:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll 2012-06-11 13:50 - 2012-06-11 13:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2012-06-11 13:50 - 2012-06-11 13:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll 2012-06-11 13:50 - 2012-06-11 13:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll 2012-06-11 13:49 - 2012-06-11 13:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2012-06-11 11:59 - 2012-06-11 11:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys 2012-06-11 11:35 - 2012-06-11 11:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll 2012-06-11 11:29 - 2012-06-11 11:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll 2012-06-11 11:00 - 2012-06-11 11:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2012-06-11 10:26 - 2012-06-11 10:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb 2012-06-11 10:26 - 2012-06-11 10:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb 2012-06-11 10:25 - 2012-06-11 10:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe 2012-06-11 10:24 - 2011-11-09 20:16 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2012-06-11 10:23 - 2011-11-09 20:15 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll 2012-06-11 10:20 - 2012-06-11 10:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll 2012-06-11 10:19 - 2012-06-11 10:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe 2012-06-11 10:19 - 2012-06-11 10:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe 2012-06-11 10:17 - 2012-06-11 10:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll 2012-06-11 10:17 - 2012-06-11 10:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll 2012-06-11 10:17 - 2012-06-11 10:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll 2012-06-11 10:17 - 2012-06-11 10:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll 2012-06-11 10:16 - 2011-11-09 20:06 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2012-06-11 10:01 - 2011-11-09 19:51 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll 2012-06-11 09:51 - 2011-11-09 19:40 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap 2012-06-11 09:45 - 2012-06-11 09:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll 2012-06-11 09:45 - 2012-06-11 09:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll 2012-06-11 09:45 - 2012-06-11 09:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2012-06-11 09:45 - 2012-06-11 09:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll 2012-06-11 09:45 - 2012-06-11 09:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2012-06-11 09:45 - 2011-11-09 19:33 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2012-06-11 09:43 - 2011-11-09 19:29 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2012-06-11 09:41 - 2012-06-11 09:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap 2012-06-11 09:40 - 2012-06-11 09:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2012-06-11 09:36 - 2011-11-09 19:24 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll 2012-06-11 09:27 - 2012-06-11 09:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll 2012-06-11 09:26 - 2012-06-11 09:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2012-06-11 09:26 - 2012-06-11 09:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys 2012-06-11 09:26 - 2012-06-11 09:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll 2012-06-11 09:26 - 2012-06-11 09:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2012-06-11 09:26 - 2012-06-11 09:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll 2012-06-11 09:26 - 2012-06-11 09:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2012-06-11 09:26 - 2012-06-11 09:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll 2012-06-11 09:25 - 2011-11-09 19:11 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll 2012-06-11 09:25 - 2011-11-09 19:11 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll 2012-06-11 09:25 - 2011-11-09 19:11 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2012-06-11 09:24 - 2012-06-11 09:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll 2012-06-11 09:24 - 2011-11-09 19:11 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2012-06-11 09:23 - 2012-06-11 09:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2012-06-11 09:23 - 2012-06-11 09:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2012-06-11 09:23 - 2012-06-11 09:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll 2012-06-11 09:23 - 2012-06-11 09:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll 2012-06-11 05:41 - 2012-06-11 05:41 - 12522891 ____A (The [s.o.E] team ) C:\Users\Jake\Downloads\lea-installer-1-3-56.exe 2012-06-09 22:11 - 2012-06-09 22:11 - 10983288 ____A (Oleg N. Scherbakov) C:\Users\Jake\Downloads\Six Updater v2.9.6pre16 setup.exe 2012-06-08 22:43 - 2012-07-11 17:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 21:41 - 2012-07-11 17:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-08 03:51 - 2012-06-08 03:38 - 1280748357 ____A (Igor Pavlov) C:\Users\Jake\Downloads\ec_complete_content.exe 2012-06-05 23:06 - 2012-07-11 17:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 23:06 - 2012-07-11 17:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 23:02 - 2012-07-11 17:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 22:05 - 2012-07-11 17:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 22:05 - 2012-07-11 17:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 22:03 - 2012-07-11 17:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-05 21:12 - 2012-06-05 21:12 - 00002138 ____A C:\Users\Jake\Downloads\DayZbeta.cmd 2012-06-02 16:51 - 2012-06-02 16:51 - 04586776 ____A (Check Point Software Technologies LTD) C:\Users\Jake\Downloads\zaSetupWeb_101_101_000_en.exe 2012-06-02 15:19 - 2012-06-22 02:04 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 15:19 - 2012-06-22 02:04 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 15:19 - 2012-06-22 02:04 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 15:19 - 2012-06-22 02:04 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 15:19 - 2012-06-22 02:04 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 15:19 - 2012-06-22 02:04 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 15:15 - 2012-06-22 02:04 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 15:15 - 2012-06-22 02:04 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 15:15 - 2012-06-22 02:04 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-01 22:50 - 2012-07-11 17:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 22:48 - 2012-07-11 17:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 22:48 - 2012-07-11 17:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 22:45 - 2012-07-11 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 22:44 - 2012-07-11 17:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 21:40 - 2012-07-11 17:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 21:40 - 2012-07-11 17:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 21:39 - 2012-07-11 17:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 21:34 - 2012-07-11 17:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-06-01 11:43 - 2012-06-01 11:43 - 00164869 ____A C:\Users\Jake\Downloads\watch(2).htm 2012-05-31 12:25 - 2012-01-06 20:39 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-05-29 23:15 - 2012-05-29 23:15 - 02717432 ____A C:\Users\Jake\Downloads\vpn-client-2.1.7-release.exe 2012-05-28 01:08 - 2012-05-28 01:07 - 66445364 ____A C:\Users\Jake\Downloads\theater_nexmultiplex_1m.bsp 2012-05-26 22:29 - 2012-05-26 22:28 - 00091617 ____A C:\Users\Jake\Desktop\faphack_bot.txt 2012-05-26 18:24 - 2012-05-26 18:24 - 00055869 ____A C:\Users\Jake\Downloads\Videos.htm 2012-05-26 14:58 - 2012-05-26 22:28 - 00091786 ____A C:\Users\Jake\Desktop\FapHack.lua 2012-05-25 16:14 - 2012-05-25 16:14 - 02288128 ____A C:\Users\Jake\Downloads\LeagueofLegends.exe 2012-05-23 19:38 - 2012-05-23 19:38 - 00150240 ____A C:\Users\Jake\Downloads\watch.htm 2012-05-21 03:54 - 2012-05-21 03:53 - 13042799 ____A C:\Users\Jake\Downloads\ESEAClientInstall.exe 2012-05-21 00:41 - 2012-03-24 02:49 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe 2012-05-19 16:13 - 2012-05-19 16:13 - 01030872 ____A ( ) C:\Users\Jake\Downloads\LibraInstall.exe 2012-05-17 21:01 - 2012-05-17 21:01 - 00889219 ____A C:\Windows\OccupationCS_ Source Uninstaller.exe 2012-05-14 21:01 - 2012-06-12 19:52 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-05-14 20:59 - 2012-06-12 19:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-05-14 20:03 - 2012-06-12 19:52 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-05-14 20:00 - 2012-06-12 19:52 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-05-11 14:06 - 2012-05-11 02:23 - 00004388 ____A C:\Users\Jake\Desktop\epidemic.sql 2012-05-11 04:26 - 2012-03-25 22:31 - 02250024 ____A C:\Windows\SysWOW64\Pbsvc.exe 2012-05-10 16:35 - 2012-05-10 16:35 - 00043520 ____A C:\Windows\System32\kdbsdk64.dll 2012-05-10 16:35 - 2012-05-10 16:35 - 00029184 ____A C:\Windows\SysWOW64\kdbsdk32.dll 2012-05-09 20:43 - 2012-05-09 20:43 - 00002377 ____A C:\Users\Jake\Documents\MumbleAutomaticCertificateBackup.p12 2012-05-09 20:38 - 2012-05-09 20:36 - 17904640 ____A C:\Users\Jake\Downloads\mumble-1.2.3a.msi 2012-05-08 21:13 - 2012-05-08 21:13 - 00108249 ____A C:\Users\Jake\Documents\Untitled.wma 2012-05-05 20:19 - 2012-05-05 20:19 - 00000326 ____A C:\Users\Jake\Desktop\Ghost Recon Online (NCSA-Live).appref-ms 2012-05-04 04:06 - 2012-06-12 19:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 03:03 - 2012-06-12 19:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 03:03 - 2012-06-12 19:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-02 02:26 - 2012-05-07 19:46 - 02288128 ____A C:\Users\Jake\Documents\LeagueofLegends.exe ZeroAccess: C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1} C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U ZeroAccess: C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1} C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L\00000004.@ C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\00000004.@ C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\000000cb.@ C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000000.@ C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000064.@ ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ========================= Memory info ====================== Percentage of memory in use: 31% Total physical RAM: 8152.29 MB Available physical RAM: 5564.43 MB Total Pagefile: 16302.76 MB Available Pagefile: 13379.45 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:1397.16 GB) (Free:992.34 GB) NTFS 3 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 1397 GB 2048 KB Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 1397 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components) ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 1397 GB Healthy Boot ================================================================================== ========================================================== Last Boot: 2012-07-28 20:33 ======================= End Of Log ==========================

Windows is not letting me use my USB keyboard or mouse when in recovery, any other way to do this?

RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Jake [Admin rights] Mode: Scan -- Date: 07/30/2012 07:36:04 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 6 ¤¤¤ [sUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\n.) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> FOUND [ZeroAccess][FILE] @ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> FOUND [ZeroAccess][FOLDER] L : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST315003 41AS SATA Disk Device +++++ --- User --- [MBR] 5803beb5b57a1e0640dbce950ddc21e1 [bSP] a69242f73d572ad8e0f93af1985c5cda : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430695 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt