Svchost.exe won't go away

Glavitar · March 1, 2013

after installing and running Malwarebytes it continues to find C:\Windows\svchost.exe, block it, and quarantine it up to 6 times a minute. nothing I have tried can find the source. hope you can help

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2

Run by Hellfire at 18:55:36 on 2013-02-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.3613 [GMT -8:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

D:\Steam\steam.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Users\Hellfire\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe

C:\Users\Hellfire\AppData\Local\Apps\2.0\Y27T3LBL.80L\B5J8MRKC.G0E\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\CurseClient.exe

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\java.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://us.blizzard.com/en-us/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll

uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

uRun: [steam] "D:\Steam\Steam.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Diagnostics] rundll32 "C:\Users\Hellfire\AppData\Local\Stronghold_LLC\Diagnostics\wcmqvjrqy.dll",DllRegisterServerW

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

StartupFolder: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Hellfire\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hellfire\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Hellfire\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MINECR~1.LNK - C:\Users\Hellfire\AppData\Roaming\.minecraft\Multiplayer\Server.bat

StartupFolder: C:\Users\Hellfire\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PS3MED~1.LNK - C:\Program Files (x86)\PS3 Media Server\PMS.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{7076D7A2-2FFA-4CD9-ABA6-6FD5AD8A59B4} : DHCPNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

AppInit_DLLs= c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Hellfire\AppData\Roaming\Mozilla\Firefox\Profiles\g1ijgwmp.default\

FF - prefs.js: browser.startup.homepage - hxxp://us.blizzard.com/en-us/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-01-31 09:43; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn

FF - ExtSQL: 2013-01-31 17:08; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn

FF - ExtSQL: 2013-01-31 22:19; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Hellfire\AppData\Roaming\Mozilla\Firefox\Profiles\g1ijgwmp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403000.024\symds64.sys [2013-2-26 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403000.024\symefa64.sys [2013-2-26 1139800]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-2-26 39768]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-13 1388120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403000.024\ccsetx64.sys [2013-2-26 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130228.001\IDSviA64.sys [2013-2-28 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403000.024\ironx64.sys [2013-2-26 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403000.024\symnets.sys [2013-2-26 432800]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2012-11-5 65536]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-27 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-27 682344]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe [2013-2-26 144520]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-26 968880]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-5 138912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-27 24176]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-5 239616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-5 1255736]

.

=============== Created Last 30 ================

.

2013-02-28 22:14:21 -------- d-----w- C:\Program Files (x86)\Seagate

2013-02-28 22:13:38 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-02-28 00:46:20 -------- d-----w- C:\Users\Hellfire\AppData\Local\Avg2013

2013-02-28 00:46:19 -------- d-----w- C:\Users\Hellfire\AppData\Local\MFAData

2013-02-28 00:46:19 -------- d-----w- C:\ProgramData\MFAData

2013-02-27 19:56:28 -------- d-----w- C:\Users\Hellfire\AppData\Roaming\Malwarebytes

2013-02-27 19:56:15 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-27 19:56:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-27 19:56:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-27 11:21:23 -------- d-----w- C:\Users\Hellfire\AppData\Local\AVG Secure Search

2013-02-27 03:02:26 -------- d-----w- C:\Users\Hellfire\AppData\Local\AVG SafeGuard toolbar

2013-02-27 03:01:56 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-02-27 03:01:53 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2013-02-27 03:01:32 -------- d--h--w- C:\ProgramData\Common Files

2013-02-27 03:01:29 127384 ----a-w- C:\Windows\System32\drivers\scdemu.sys

2013-02-27 03:01:29 -------- d-----w- C:\Program Files (x86)\PowerISO

2013-02-27 01:33:49 796248 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\srtsp64.sys

2013-02-27 01:33:49 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\symds64.sys

2013-02-27 01:33:49 432800 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\symnets.sys

2013-02-27 01:33:49 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\srtspx64.sys

2013-02-27 01:33:49 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\symelam.sys

2013-02-27 01:33:49 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\ironx64.sys

2013-02-27 01:33:49 168096 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\ccsetx64.sys

2013-02-27 01:33:49 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\symefa64.sys

2013-02-27 01:33:39 -------- d-----w- C:\Windows\System32\drivers\NISx64\1403000.024

2013-02-26 22:50:13 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3C07.tmp

2013-02-26 22:50:13 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3C06.tmp

2013-02-15 06:14:41 -------- d-----w- C:\Program Files (x86)\The Promised Land

2013-02-15 05:20:52 -------- d-----w- C:\Users\Hellfire\AppData\Roaming\EPubMetadataEditor

2013-02-15 05:13:25 -------- d-----w- C:\Users\Hellfire\AppData\Local\Programs

2013-02-14 21:41:40 -------- d-----w- C:\ProgramData\Big Fish Games

2013-02-14 21:18:07 -------- d-----w- C:\Users\Hellfire\AppData\Roaming\Boolat Games

2013-02-14 20:54:17 -------- d-----w- C:\Windows\The Promised Land

2013-02-13 11:01:31 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 11:01:31 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 09:28:27 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 09:28:27 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 09:28:26 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 09:28:23 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 09:28:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 09:28:21 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 09:28:21 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 09:28:21 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 09:28:21 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 09:28:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 09:28:19 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 09:28:19 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-11 04:53:27 -------- d-----w- C:\ProgramData\Belkin

2013-02-10 06:49:09 -------- d-----w- C:\Users\Hellfire\AppData\Roaming\Lonely Troops

2013-02-10 06:41:04 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade

2013-02-05 08:13:28 -------- d-----w- C:\Users\Hellfire\AppData\Local\TERA

2013-02-03 23:28:00 43680 ----a-r- C:\Windows\System32\drivers\SymIMV.sys

2013-02-02 11:18:49 -------- d-----r- C:\Program Files (x86)\Skype

2013-02-01 06:28:57 -------- d-----w- C:\Users\Hellfire\dwhelper

2013-02-01 01:22:52 -------- d-----w- C:\Users\Hellfire\AppData\Local\Macromedia

2013-02-01 01:17:54 -------- d-----w- C:\Users\Hellfire\AppData\Local\Mozilla

2013-02-01 01:17:42 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-02-01 00:41:32 -------- d-----w- C:\Windows\SysWow64\Adobe

2013-02-01 00:25:50 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-01 00:25:50 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-21 22:18:30 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-12-21 22:18:30 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-12-21 21:30:08 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-19 23:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe

2012-12-19 23:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-12-19 23:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-12-19 23:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-12-19 23:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-12-19 23:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll

2012-12-19 23:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-12-19 23:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-12-19 23:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll

2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll

2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll

2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe

2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll

.

============= FINISH: 18:56:24.49 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/5/2012 9:02:24 PM

System Uptime: 2/28/2013 5:37:01 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | Socket 1366 | 1596/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 49 GiB total, 10.996 GiB free.

D: is FIXED (NTFS) - 195 GiB total, 39.928 GiB free.

E: is FIXED (NTFS) - 454 GiB total, 84.93 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP119: 2/28/2013 3:01:26 AM - Scheduled Checkpoint

RP120: 2/28/2013 2:13:59 PM - Installed SeaTools for Windows

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 11.6

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Assassin's Creed ® III

Belkin Setup and Router Monitor

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDisplayEx 1.8

Combined Community Codec Pack 2011-11-11

Curse Client

Diablo III

Dragon Nest

Dropbox

Far Cry 2

Far Cry 3

Freelancer

Gigabyte Raid Cinfigurer

Gnumeric Spreadsheet 1.10.16-20110616

Java 7 Update 9

Java 7 Update 9 (64-bit)

Java Auto Updater

Legend of Grimrock

Malwarebytes Anti-Malware version 1.70.0.1100

Mass Effect

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Game Studios Common Redistributables Pack 1

Microsoft Office Excel Viewer

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XML Parser

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 18.0.2 (x86 en-US)

Mozilla Maintenance Service

NEC Electronics USB 3.0 Host Controller Driver

Norton Internet Security

Path of Exile

PowerISO

PS3 Media Server

PunkBuster Services

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype™ 6.1

Star Trek Online

Steam

Strike Suit Zero

Supreme Commander 2

swMSM

TERA

Terraria

The Promised Land

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Uplay

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.4

Warhammer 40000 - Space Marine

WinRAR 4.20 (64-bit)

World of Warcraft

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

2/28/2013 5:26:06 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/28/2013 5:26:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/28/2013 5:26:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/28/2013 12:42:33 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

2/28/2013 11:08:53 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fef800a, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ea9e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022813-30576-01.

2/27/2013 7:16:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

2/27/2013 7:16:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

2/27/2013 7:15:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/27/2013 7:15:41 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

2/27/2013 5:02:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e5926b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022713-47970-01.

2/27/2013 1:31:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

2/27/2013 1:31:13 PM, Error: Service Control Manager [7022] - The Server service hung on starting.

2/26/2013 3:02:56 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

2/26/2013 3:02:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

2/26/2013 3:02:44 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/26/2013 3:01:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

2/26/2013 3:01:50 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

2/26/2013 3:01:34 PM, Error: SRTSP [4] - Error loading virus definitions.

2/26/2013 2:58:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/26/2013 2:57:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/26/2013 2:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/26/2013 2:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/26/2013 2:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/26/2013 2:55:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/26/2013 2:55:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/26/2013 2:55:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002eb926b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022613-30685-01.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr SRTSP SRTSPX SymIM SymIRON SymNetS tdx Wanarpv6 WfpLwf

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 1:38:27 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Haven\Hellfire SID (S-1-5-21-1126144918-1096871225-3139060307-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/25/2013 4:56:48 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MUNCHKINS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7076D7A2-2FFA-4CD9-ABA6-6FD5AD8A59B4}. The master browser is stopping or an election is being forced.

2/22/2013 7:20:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KATZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7076D7A2-2FFA-4CD9-ABA6-6FD5AD8A59B4}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

CatByte · March 1, 2013

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to the disclaimer.

[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there

[*]Press Scan button.

[*]type exit and reboot the computer normally

[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Glavitar · March 1, 2013

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2013

Ran by SYSTEM at 28-02-2013 22:24:24

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor)

HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-09-25] (NEC Electronics Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1885088 2012-02-23] (Affinegy, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [337432 2013-01-27] (Power Software Ltd)

HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]

HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]

HKU\Hellfire\...\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [x]

HKU\Hellfire\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [6595928 2012-05-25] (Yahoo! Inc.)

HKU\Hellfire\...\Run: [steam] "D:\Steam\Steam.exe" -silent [x]

HKU\Hellfire\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)

HKU\Hellfire\...\Run: [Diagnostics] rundll32 "C:\Users\Hellfire\AppData\Local\Stronghold_LLC\Diagnostics\wcmqvjrqy.dll",DllRegisterServerW [638976 2013-02-18] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Startup: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

Startup: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minecraft Server.lnk

ShortcutTarget: Minecraft Server.lnk -> C:\Users\Hellfire\AppData\Roaming\.minecraft\Multiplayer\Server.bat ()

Startup: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PS3 Media Server.lnk

ShortcutTarget: PS3 Media Server.lnk -> C:\Program Files (x86)\PS3 Media Server\PMS.exe (PS3 Media Server)

==================== Services (Whitelisted) ===================

2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [563104 2012-02-23] (Affinegy, Inc.)

2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-05] ()

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll" /prefetch:1 [551728 2013-02-06] (Symantec Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-03] ()

2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-26] ()

==================== Drivers (Whitelisted) =====================

1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-26] (AVG Technologies)

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)

1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130228.001\IDSvia64.sys [513184 2012-11-03] (Symantec Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130228.017\ENG64.SYS [126192 2013-02-26] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130228.017\EX64.SYS [2087664 2013-02-26] (Symantec Corporation)

1 SRTSP; C:\Windows\System32\Drivers\NISx64\1403000.024\SRTSP64.SYS [796248 2013-01-28] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1403000.024\SRTSPX64.SYS [36952 2013-01-28] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NISx64\1403000.024\SYMDS64.SYS [493656 2013-01-21] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1403000.024\SYMEFA64.SYS [1139800 2013-01-30] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-11-05] (Symantec Corporation)

1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2012-09-06] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [224416 2012-11-15] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS [432800 2013-01-30] (Symantec Corporation)

3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-02-28 22:23 - 2013-02-28 22:23 - 00000000 ____D C:\FRST

2013-02-28 18:56 - 2013-02-28 18:56 - 00024746 ____A C:\Users\Hellfire\Desktop\dds.txt

2013-02-28 18:56 - 2013-02-28 18:56 - 00014722 ____A C:\Users\Hellfire\Desktop\attach.txt

2013-02-28 18:55 - 2013-02-28 18:55 - 00688992 ____R (Swearware) C:\Users\Hellfire\Desktop\dds.scr

2013-02-28 17:54 - 2013-02-28 18:36 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part05.rar

2013-02-28 14:16 - 2013-02-28 14:52 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part04.rar

2013-02-28 14:14 - 2013-02-28 14:14 - 00000000 ____D C:\Program Files (x86)\Seagate

2013-02-28 11:08 - 2013-02-28 11:08 - 00274336 ____A C:\Windows\Minidump\022813-30576-01.dmp

2013-02-28 08:11 - 2013-02-28 08:47 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part03.rar

2013-02-28 00:48 - 2013-02-28 00:49 - 22697902 ____A C:\Users\Hellfire\Desktop\_Scream and Shout_ MLP FIM PMV.mp4

2013-02-27 22:51 - 2013-02-27 23:27 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part02.rar

2013-02-27 19:15 - 2013-02-28 22:11 - 00001188 ____A C:\Windows\setupact.log

2013-02-27 19:15 - 2013-02-27 19:15 - 00000000 ____A C:\Windows\setuperr.log

2013-02-27 17:42 - 2013-02-27 18:21 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part01.rar

2013-02-27 17:02 - 2013-02-28 11:08 - 00000000 ____D C:\Windows\Minidump

2013-02-27 16:46 - 2013-02-27 17:24 - 00000000 ____D C:\ProgramData\MFAData

2013-02-27 16:46 - 2013-02-27 16:46 - 00000000 ____D C:\Users\Hellfire\AppData\Local\MFAData

2013-02-27 16:46 - 2013-02-27 16:46 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Avg2013

2013-02-27 11:56 - 2013-02-27 11:56 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Malwarebytes

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-27 11:56 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-02-27 03:21 - 2013-02-27 03:21 - 00000000 ____D C:\Users\Hellfire\AppData\Local\AVG Secure Search

2013-02-27 03:00 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-02-27 03:00 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-02-27 03:00 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-02-27 03:00 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-02-27 03:00 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-02-27 03:00 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-02-27 03:00 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-02-27 03:00 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-02-27 03:00 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-02-27 03:00 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-02-27 03:00 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-02-27 03:00 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-02-27 03:00 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-02-27 03:00 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-02-27 03:00 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-02-27 03:00 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-02-27 03:00 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-02-27 03:00 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-02-27 03:00 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-02-27 03:00 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-02-27 03:00 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-02-27 03:00 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-02-27 03:00 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-02-27 03:00 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-02-27 03:00 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-02-27 03:00 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-02-27 03:00 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-02-27 03:00 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-02-27 03:00 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-02-27 03:00 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-02-27 03:00 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-02-27 03:00 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-02-27 03:00 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-02-27 03:00 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-02-26 19:24 - 2013-02-26 19:24 - 00000830 ____A C:\Users\Public\Desktop\SSZ.lnk

2013-02-26 19:02 - 2013-02-26 19:02 - 00001011 ____A C:\Users\Public\Desktop\PowerISO.lnk

2013-02-26 19:02 - 2013-02-26 19:02 - 00000000 ____D C:\Users\Hellfire\AppData\Local\AVG SafeGuard toolbar

2013-02-26 19:01 - 2013-02-26 19:02 - 00000000 ____D C:\Program Files (x86)\PowerISO

2013-02-26 19:01 - 2013-02-26 19:01 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-02-26 19:01 - 2013-01-27 05:35 - 00127384 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys

2013-02-20 19:10 - 2013-02-20 19:11 - 35112960 ____A C:\Users\Hellfire\Desktop\Amo-Chan_Sunshine.avi

2013-02-20 19:10 - 2013-02-20 19:10 - 30316766 ____A C:\Users\Hellfire\Desktop\Blessed Days In The Cherry Blossoms [Radical_Yue].mp4

2013-02-20 16:13 - 2013-02-20 16:14 - 16677171 ____A C:\Users\Hellfire\Desktop\RWBY _White_ Trailer.mp4

2013-02-20 16:06 - 2013-02-20 16:06 - 17620779 ____A C:\Users\Hellfire\Desktop\RWBY _Red_ Trailer.mp4

2013-02-20 12:59 - 2013-02-20 12:59 - 13475287 ____A C:\Users\Hellfire\Desktop\[PMV] To the sky.mp4

2013-02-17 09:04 - 2013-02-17 09:09 - 00007748 ____A C:\Users\Hellfire\Desktop\GameFAQs Dynasty Warriors 7 (PS3) Dim Sum Location Guide by divini.txt

2013-02-14 22:14 - 2013-02-14 22:14 - 00002019 ____A C:\Users\Hellfire\Desktop\The Promised Land .lnk

2013-02-14 22:14 - 2013-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\The Promised Land

2013-02-14 21:20 - 2013-02-14 21:20 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\EPubMetadataEditor

2013-02-14 21:13 - 2013-02-14 21:13 - 00000840 ____A C:\Users\Hellfire\.recently-used.xbel

2013-02-14 13:41 - 2013-02-14 13:45 - 00000000 ____D C:\ProgramData\Big Fish Games

2013-02-14 13:18 - 2013-02-14 13:18 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Boolat Games

2013-02-14 12:54 - 2013-02-14 12:54 - 00000000 ____D C:\Windows\The Promised Land

2013-02-14 12:51 - 2013-02-14 12:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-02-13 09:30 - 2013-02-13 09:32 - 145802744 ____A (Symantec Corporation) C:\Users\Public\NIS-TW-30-20-1-0-24-EN-US.exe

2013-02-13 03:06 - 2013-02-13 03:06 - 00000118 ____A C:\Windows\System32\MRT.INI

2013-02-13 03:00 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-02-13 03:00 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-02-13 03:00 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-02-13 03:00 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-02-13 03:00 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-02-13 03:00 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-02-13 03:00 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-02-13 03:00 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-02-13 03:00 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-02-13 03:00 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-02-13 03:00 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-02-13 03:00 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-02-13 03:00 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-02-13 03:00 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-02-13 03:00 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-02-13 03:00 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-02-13 03:00 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-02-13 03:00 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-02-13 03:00 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-02-13 03:00 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-02-13 03:00 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-02-13 03:00 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-02-13 03:00 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-02-13 03:00 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-02-13 03:00 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-02-13 03:00 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-02-13 03:00 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-02-13 03:00 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-02-13 03:00 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-02-13 03:00 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-02-13 03:00 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-02-13 03:00 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-02-13 01:28 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-02-13 01:28 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-02-13 01:28 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-02-13 01:28 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-02-13 01:28 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-02-13 01:28 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-02-13 01:28 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-02-13 01:28 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-02-13 01:28 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-02-13 01:28 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-02-13 01:28 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-02-13 01:28 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2013-02-11 23:24 - 2012-08-19 17:35 - 00000000 ____D C:\Users\Hellfire\Desktop\FightingIsMagic

2013-02-11 23:23 - 2013-02-11 23:23 - 00000651 ____A C:\Users\Public\Desktop\Diablo III.lnk

2013-02-10 20:53 - 2013-02-10 20:53 - 00000000 ____D C:\ProgramData\Belkin

2013-02-10 20:47 - 2013-02-10 20:48 - 00000000 ____D C:\Users\Hellfire\Desktop\MCEdit-0.1.6.win-amd64

2013-02-09 22:49 - 2013-02-09 22:49 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Lonely Troops

2013-02-09 22:44 - 2013-02-09 22:44 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\PlayFirst

2013-02-09 22:44 - 2013-02-09 22:44 - 00000000 ____D C:\ProgramData\PlayFirst

2013-02-09 22:41 - 2013-02-09 22:41 - 00000000 ____D C:\Program Files (x86)\ReflexiveArcade

2013-02-09 22:40 - 2013-02-07 21:51 - 99145558 ____A C:\Users\Public\World Mosaics 3 - Fairy Tales - Full PreCracked - Foxy Games.exe

2013-02-07 09:38 - 2013-02-07 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-02-05 00:13 - 2013-02-05 00:14 - 00000000 ____D C:\Users\Hellfire\AppData\Local\TERA

2013-02-05 00:13 - 2013-02-05 00:13 - 00000419 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk

2013-02-04 00:59 - 2013-02-04 00:59 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-02-04 00:59 - 2013-02-04 00:59 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-02-04 00:59 - 2013-02-04 00:59 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-02-04 00:59 - 2013-02-04 00:59 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-02-04 00:59 - 2013-02-04 00:59 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-02-04 00:59 - 2013-02-04 00:59 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-02-04 00:59 - 2013-02-04 00:59 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-02-03 15:28 - 2012-09-06 18:05 - 00043680 ___RA (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys

2013-02-02 03:18 - 2013-02-02 03:18 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-01-31 23:09 - 2013-01-31 23:10 - 14798794 ____A C:\Users\Hellfire\Desktop\Let_s Go and Meet the Bronies.mp4

2013-01-31 22:28 - 2013-01-31 22:40 - 00000000 ____D C:\Users\Hellfire\dwhelper

2013-01-31 17:53 - 2012-11-09 00:46 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE

2013-01-31 17:22 - 2013-01-31 17:22 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Macromedia

2013-01-31 17:17 - 2013-02-09 22:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-01-31 17:17 - 2013-01-31 17:18 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Mozilla

2013-01-31 17:17 - 2013-01-31 17:17 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Mozilla

2013-01-31 17:17 - 2013-01-31 17:17 - 00000000 ____D C:\ProgramData\Mozilla

2013-01-31 16:41 - 2013-01-31 16:41 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-01-31 16:25 - 2013-02-28 21:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-01-31 16:25 - 2013-02-26 16:24 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-01-31 16:25 - 2013-02-26 16:24 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

2013-02-28 22:23 - 2013-02-28 22:23 - 00000000 ____D C:\FRST

2013-02-28 22:18 - 2012-11-05 21:02 - 01303025 ____A C:\Windows\WindowsUpdate.log

2013-02-28 22:14 - 2012-11-05 21:47 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Skype

2013-02-28 22:14 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI

2013-02-28 22:11 - 2013-02-27 19:15 - 00001188 ____A C:\Windows\setupact.log

2013-02-28 21:24 - 2013-01-31 16:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-02-28 19:39 - 2012-11-06 08:02 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Deployment

2013-02-28 18:56 - 2013-02-28 18:56 - 00024746 ____A C:\Users\Hellfire\Desktop\dds.txt

2013-02-28 18:56 - 2013-02-28 18:56 - 00014722 ____A C:\Users\Hellfire\Desktop\attach.txt

2013-02-28 18:55 - 2013-02-28 18:55 - 00688992 ____R (Swearware) C:\Users\Hellfire\Desktop\dds.scr

2013-02-28 18:54 - 2012-11-05 21:33 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\BitTorrent

2013-02-28 18:36 - 2013-02-28 17:54 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part05.rar

2013-02-28 17:44 - 2009-07-13 20:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-02-28 17:44 - 2009-07-13 20:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-02-28 17:38 - 2013-01-22 07:31 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Dropbox

2013-02-28 17:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-02-28 14:52 - 2013-02-28 14:16 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part04.rar

2013-02-28 14:14 - 2013-02-28 14:14 - 00000000 ____D C:\Program Files (x86)\Seagate

2013-02-28 11:19 - 2012-11-05 22:10 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\.minecraft

2013-02-28 11:08 - 2013-02-28 11:08 - 00274336 ____A C:\Windows\Minidump\022813-30576-01.dmp

2013-02-28 11:08 - 2013-02-27 17:02 - 00000000 ____D C:\Windows\Minidump

2013-02-28 09:42 - 2012-11-05 23:41 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\vlc

2013-02-28 08:47 - 2013-02-28 08:11 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part03.rar

2013-02-28 00:49 - 2013-02-28 00:48 - 22697902 ____A C:\Users\Hellfire\Desktop\_Scream and Shout_ MLP FIM PMV.mp4

2013-02-27 23:27 - 2013-02-27 22:51 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part02.rar

2013-02-27 19:15 - 2013-02-27 19:15 - 00000000 ____A C:\Windows\setuperr.log

2013-02-27 19:09 - 2012-11-06 00:00 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Media Player Classic

2013-02-27 19:09 - 2012-11-05 20:53 - 00000000 ____D C:\Windows\Panther

2013-02-27 18:21 - 2013-02-27 17:42 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part01.rar

2013-02-27 17:24 - 2013-02-27 16:46 - 00000000 ____D C:\ProgramData\MFAData

2013-02-27 16:46 - 2013-02-27 16:46 - 00000000 ____D C:\Users\Hellfire\AppData\Local\MFAData

2013-02-27 16:46 - 2013-02-27 16:46 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Avg2013

2013-02-27 13:27 - 2012-12-20 21:06 - 00000000 ____D C:\Users\Hellfire\AppData\Local\SwvUpdater

2013-02-27 11:56 - 2013-02-27 11:56 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Malwarebytes

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-27 06:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-02-27 03:21 - 2013-02-27 03:21 - 00000000 ____D C:\Users\Hellfire\AppData\Local\AVG Secure Search

2013-02-27 03:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-02-27 03:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-02-27 03:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-02-27 03:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-02-26 19:24 - 2013-02-26 19:24 - 00000830 ____A C:\Users\Public\Desktop\SSZ.lnk

2013-02-26 19:02 - 2013-02-26 19:02 - 00001011 ____A C:\Users\Public\Desktop\PowerISO.lnk

2013-02-26 19:02 - 2013-02-26 19:02 - 00000000 ____D C:\Users\Hellfire\AppData\Local\AVG SafeGuard toolbar

2013-02-26 19:02 - 2013-02-26 19:01 - 00000000 ____D C:\Program Files (x86)\PowerISO

2013-02-26 19:01 - 2013-02-26 19:01 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-02-26 18:05 - 2012-11-05 21:19 - 00000000 ____D C:\Windows\System32\Drivers\NISx64

2013-02-26 16:24 - 2013-01-31 16:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-26 16:24 - 2013-01-31 16:25 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-26 15:01 - 2012-11-05 21:02 - 00000000 ____D C:\users\Hellfire

2013-02-26 15:00 - 2012-11-05 21:19 - 00000000 ____D C:\ProgramData\Norton

2013-02-26 15:00 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-02-26 15:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep

2013-02-26 15:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-02-26 15:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2013-02-20 19:11 - 2013-02-20 19:10 - 35112960 ____A C:\Users\Hellfire\Desktop\Amo-Chan_Sunshine.avi

2013-02-20 19:10 - 2013-02-20 19:10 - 30316766 ____A C:\Users\Hellfire\Desktop\Blessed Days In The Cherry Blossoms [Radical_Yue].mp4

2013-02-20 16:14 - 2013-02-20 16:13 - 16677171 ____A C:\Users\Hellfire\Desktop\RWBY _White_ Trailer.mp4

2013-02-20 16:06 - 2013-02-20 16:06 - 17620779 ____A C:\Users\Hellfire\Desktop\RWBY _Red_ Trailer.mp4

2013-02-20 12:59 - 2013-02-20 12:59 - 13475287 ____A C:\Users\Hellfire\Desktop\[PMV] To the sky.mp4

2013-02-19 19:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-02-18 08:15 - 2012-12-20 21:07 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Stronghold_LLC

2013-02-17 09:09 - 2013-02-17 09:04 - 00007748 ____A C:\Users\Hellfire\Desktop\GameFAQs Dynasty Warriors 7 (PS3) Dim Sum Location Guide by divini.txt

2013-02-14 22:14 - 2013-02-14 22:14 - 00002019 ____A C:\Users\Hellfire\Desktop\The Promised Land .lnk

2013-02-14 22:14 - 2013-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\The Promised Land

2013-02-14 21:20 - 2013-02-14 21:20 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\EPubMetadataEditor

2013-02-14 21:13 - 2013-02-14 21:13 - 00000840 ____A C:\Users\Hellfire\.recently-used.xbel

2013-02-14 21:09 - 2013-01-11 01:02 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\gtk-2.0

2013-02-14 13:45 - 2013-02-14 13:41 - 00000000 ____D C:\ProgramData\Big Fish Games

2013-02-14 13:18 - 2013-02-14 13:18 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Boolat Games

2013-02-14 12:54 - 2013-02-14 12:54 - 00000000 ____D C:\Windows\The Promised Land

2013-02-14 12:51 - 2013-02-14 12:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-02-13 11:55 - 2012-11-05 21:14 - 00000000 ____D C:\Users\Hellfire\AppData\Local\ATI

2013-02-13 09:32 - 2013-02-13 09:30 - 145802744 ____A (Symantec Corporation) C:\Users\Public\NIS-TW-30-20-1-0-24-EN-US.exe

2013-02-13 03:25 - 2009-07-13 20:45 - 00284136 ____A C:\Windows\System32\FNTCACHE.DAT

2013-02-13 03:06 - 2013-02-13 03:06 - 00000118 ____A C:\Windows\System32\MRT.INI

2013-02-13 03:04 - 2012-11-05 23:27 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-02-11 23:25 - 2012-11-05 21:02 - 00000000 ____D C:\Users\Hellfire\AppData\Local\VirtualStore

2013-02-11 23:23 - 2013-02-11 23:23 - 00000651 ____A C:\Users\Public\Desktop\Diablo III.lnk

2013-02-10 20:53 - 2013-02-10 20:53 - 00000000 ____D C:\ProgramData\Belkin

2013-02-10 20:48 - 2013-02-10 20:47 - 00000000 ____D C:\Users\Hellfire\Desktop\MCEdit-0.1.6.win-amd64

2013-02-09 22:49 - 2013-02-09 22:49 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Lonely Troops

2013-02-09 22:44 - 2013-02-09 22:44 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\PlayFirst

2013-02-09 22:44 - 2013-02-09 22:44 - 00000000 ____D C:\ProgramData\PlayFirst

2013-02-09 22:41 - 2013-02-09 22:41 - 00000000 ____D C:\Program Files (x86)\ReflexiveArcade

2013-02-09 22:33 - 2013-01-31 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-02-07 21:51 - 2013-02-09 22:40 - 99145558 ____A C:\Users\Public\World Mosaics 3 - Fairy Tales - Full PreCracked - Foxy Games.exe

2013-02-07 09:38 - 2013-02-07 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-02-05 00:14 - 2013-02-05 00:13 - 00000000 ____D C:\Users\Hellfire\AppData\Local\TERA

2013-02-05 00:13 - 2013-02-05 00:13 - 00000419 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk

2013-02-04 01:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions