Reply to thread

Message: <blockquote data-quote="holaboo" data-source="post: 115898" data-attributes="member: 7385">Last but not least, the Farbar report:Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 28 days old)Ran by SYSTEM at 10-04-2013 18:39:17Running from G:\Windows 7 Home Premium   (X64) OS Language: English(US) The current controlset is ControlSet001==================== Registry (Whitelisted) ===================HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)HKLM-x32\...\Run: [360Safetray] "C:\Program Files (x86)\360\360safe\safemon\360Tray.exe" /start [879208 2013-03-06] (360.cn)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)HKLM-x32\...\Run: []  [x]HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [336304 2012-10-11] (Razer USA Ltd)HKLM-x32\...\Run: [Arctosa] "C:\Program Files (x86)\Razer\Arctosa\razerhid.exe" [232960 2009-08-19] (Razer USA Ltd.)HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)HKU\FW56E\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)HKU\FW56E\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-27] ()Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100==================== Services (Whitelisted) ===================3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)2 360rp; "C:\Program Files (x86)\360\360sd\360rp.exe" [939352 2010-12-10] (360.cn)3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)3 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-01-05] ()2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [418376 2013-04-04] (Malwarebytes Corporation)2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [701512 2013-04-04] (Malwarebytes Corporation)2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [1124184 2013-04-02] (Trusteer Ltd.)3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-06-26] (Sonic Solutions)4 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-06-26] (Sonic Solutions)2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)3 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-07-27] (Sony Corporation)3 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-07-27] (Sony Corporation)3 TeamViewer5; "C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service [173352 2010-07-06] (TeamViewer GmbH)3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-07-23] (Sony Corporation)3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-07-23] (Sony Corporation)3 VUAgent; "C:\Program Files\Sony\VAIO Update 5\VUAgent.exe" [1223024 2010-04-09] (Sony Corporation)3 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [206336 2009-07-23] (Sony Corporation)3 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [88080 2012-11-20] (ShenZhen Xunlei Networking Technologies,LTD)2 ZhuDongFangYu; "C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe" [286568 2013-01-23] (360.cn)3 pgsql-8.3; "C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\" [x]==================== Drivers (Whitelisted) =====================1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [62848 2013-01-08] (360.cn)1 360Box64; C:\Windows\System32\Drivers\360Box64.sys [297336 2012-12-31] (360????)1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40688 2012-05-22] (360.cn)1 360FsFlt; C:\Windows\System32\Drivers\360FsFlt.sys [211336 2012-12-06] (360.cn)1 360netmon; C:\Windows\System32\Drivers\360netmon.sys [57984 2012-05-30] (360.cn)1 360SelfProtection; C:\Windows\SysWow64\Drivers\360SelfProtection.sys [123520 2010-10-20] (360????)3 Arctosa; C:\Windows\System32\Drivers\Arctosa.sys [19840 2009-08-19] (Razer USA Ltd.)2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [312480 2011-09-08] ()1 BAPIDRV; C:\Windows\System32\Drivers\BAPIDRV64.SYS [188808 2012-11-01] (360.cn)1 EfiMon; C:\Windows\System32\Drivers\EfiMon.sys [19712 2010-08-13] (???)1 EfiMon; C:\Windows\SysWow64\Drivers\EfiMon.sys [19712 2010-08-13] (???)0 HookPort; C:\Windows\SysWow64\Drivers\HookPort.sys [60544 2010-09-23] (360????)0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-06-04] (Lavasoft AB)2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43168 2011-09-08] ()3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102472 2009-11-04] (McAfee, Inc.)1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [308296 2009-11-04] (McAfee, Inc.)3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc.)3 Mkd2Nadr; C:\Windows\System32\Drivers\Mkd2Nadr.sys [106040 2008-10-17] (AhnLab, Inc.)3 Mkd2Nadr; C:\Windows\SysWow64\Drivers\Mkd2Nadr.sys [106040 2008-10-17] (AhnLab, Inc.)3 Mkd3kfNt; C:\Windows\System32\Drivers\Mkd3kfNt.sys [179768 2008-10-17] (AhnLab, Inc.)3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)3 p2pfilter; \??\C:\Program Files (x86)\p2pover\p2pfilter.sys [4524 2005-05-10] ()1 qutmdserv; C:\Windows\System32\drivers\qutmdrv.sys [91184 2010-04-16] (360????)1 RapportCerberus_51755; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [586072 2013-03-29] ()1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [228600 2013-04-02] (Trusteer Ltd.)3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [175352 2013-03-03] (Trusteer Ltd.)0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236248 2013-04-02] (Trusteer Ltd.)1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357272 2013-04-02] (Trusteer Ltd.)3 Razerlow; C:\Windows\System32\Drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)3 s1018bus; C:\Windows\System32\Drivers\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)3 s1018mdfl; C:\Windows\System32\Drivers\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)3 s1018mdm; C:\Windows\System32\Drivers\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)3 s1018mgmt; C:\Windows\System32\Drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)3 s1018nd5; C:\Windows\System32\Drivers\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)3 s1018obex; C:\Windows\System32\Drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)3 s1018unic; C:\Windows\System32\Drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-19] (Duplex Secure Ltd.)3 TesSafe; \??\C:\Windows\system32\TesSafe.sys [163920 2011-08-15] (TENCENT)3 dump_wmimmc; \??\C:\Program Files (x86)\softnyxGame\GunBoundIS\GameGuard\dump_wmimmc.sys [x]3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]2 vcs; \??\C:\Users\FW56E\Desktop\yuyinbianshengqi\vcs.sys [x]3 X6va005; \??\C:\Users\FW56E\AppData\Local\Temp\0058ABB.tmp [x]3 X6va006; \??\C:\Users\FW56E\AppData\Local\Temp\00632C9.tmp [x]3 X6va007; \??\C:\Users\FW56E\AppData\Local\Temp\0077EA0.tmp [x]==================== NetSvcs (Whitelisted) ======================================== One Month Created Files and Folders ========2013-04-10 18:39 - 2013-04-10 18:39 - 00000000 ____D C:\FRST2013-04-10 17:31 - 2013-04-10 17:31 - 01466241 ____A (Farbar) C:\Users\FW56E\Downloads\FRST64.exe2013-04-10 17:30 - 2013-04-10 17:30 - 00001615 ____A C:\Users\FW56E\Desktop\RKreport[1]_S_04102013_02d1830.txt2013-04-10 17:28 - 2013-04-10 17:30 - 00000000 ____D C:\Users\FW56E\Desktop\RK_Quarantine2013-04-10 17:27 - 2013-04-10 17:28 - 00816128 ____A C:\Users\FW56E\Desktop\RogueKiller.exe2013-04-10 17:16 - 2013-04-10 17:16 - 04316280 ____A (Piriform Ltd) C:\Users\FW56E\Downloads\ccsetup400 (1).exe2013-04-10 17:15 - 2013-04-10 17:15 - 00000000 ____D C:\_OTL2013-04-10 17:12 - 2013-04-10 17:12 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk2013-04-10 17:12 - 2013-04-10 17:12 - 00000000 ____D C:\Program Files\CCleaner2013-04-10 17:11 - 2013-04-10 17:11 - 04316280 ____A (Piriform Ltd) C:\Users\FW56E\Downloads\ccsetup400.exe2013-04-10 16:56 - 2013-04-10 16:56 - 00019088 ____A C:\Users\FW56E\Downloads\report_1176f8ad43e3b58246d69f91a5af56197.txt2013-04-10 16:47 - 2013-04-10 17:15 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-04-10 16:47 - 2013-04-10 16:47 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2013-04-10 16:47 - 2013-04-10 16:47 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22013-04-10 16:47 - 2009-01-25 11:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe2013-04-10 16:46 - 2013-04-10 16:46 - 55454464 ____A (Safer-Networking Ltd.                                       ) C:\Users\FW56E\Downloads\SpybotSD2.exe2013-04-10 16:35 - 2013-04-10 16:38 - 00000000 ____D C:\Users\FW56E\Desktop\New folder2013-04-10 16:35 - 2013-04-10 16:36 - 04745728 ____A (AVAST Software) C:\Users\FW56E\Downloads\aswMBR (1).exe2013-04-10 16:32 - 2013-04-10 16:32 - 00209940 ____A C:\Users\FW56E\Downloads\Extras.Txt2013-04-10 16:31 - 2013-04-10 16:31 - 00155232 ____A C:\Users\FW56E\Downloads\OTL.Txt2013-04-10 16:29 - 2013-04-10 16:30 - 04745728 ____A (AVAST Software) C:\Users\FW56E\Downloads\aswMBR.exe2013-04-10 16:11 - 2013-04-10 16:11 - 00602112 ____A (OldTimer Tools) C:\Users\FW56E\Downloads\OTL.exe2013-04-10 15:21 - 2013-04-10 15:21 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\Malwarebytes2013-04-10 15:20 - 2013-04-10 15:20 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-04-10 15:20 - 2013-04-10 15:20 - 00000000 ____D C:\ProgramData\Malwarebytes2013-04-10 15:20 - 2013-04-10 15:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-04-10 15:20 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2013-04-10 15:10 - 2013-04-08 17:32 - 02309169 ____A C:\Users\FW56E\Downloads\League of Legends RP Code Generator.exe2013-04-10 15:09 - 2013-04-10 15:09 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\FW56E\Downloads\mbam-setup-1.75.0.1300 (2).exe2013-04-10 15:08 - 2013-04-10 15:08 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\FW56E\Downloads\mbam-setup-1.75.0.1300.exe2013-04-10 15:08 - 2013-04-10 15:08 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\FW56E\Downloads\mbam-setup-1.75.0.1300 (1).exe2013-04-10 15:01 - 2013-04-10 15:01 - 00691848 ____A (CNET Download.com) C:\Users\FW56E\Downloads\cbsidlm-cbsi5_4_0_101-Absolute_Key_Logger_Removal_Tool-ORG-75447038.exe2013-04-10 14:51 - 2013-04-10 14:52 - 01056489 ____A C:\Users\FW56E\Downloads\League of Legends RP Code Generator.rar2013-04-10 12:37 - 2013-03-02 06:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-04-10 12:30 - 2013-02-15 06:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll2013-04-10 12:30 - 2013-02-15 06:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll2013-04-10 12:30 - 2013-02-15 06:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll2013-04-10 12:30 - 2013-02-15 04:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2013-04-10 12:30 - 2013-02-15 04:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2013-04-10 12:30 - 2013-02-15 03:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2013-04-10 12:23 - 2013-03-19 06:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-04-10 12:23 - 2013-03-19 05:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2013-04-10 12:23 - 2013-03-19 05:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-04-10 12:23 - 2013-03-19 05:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-04-10 12:23 - 2013-03-19 04:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2013-04-10 12:23 - 2013-03-19 03:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe2013-04-10 12:16 - 2013-03-01 03:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-03-28 15:22 - 2012-11-07 17:55 - 00039680 ____A (360????) C:\Windows\System32\Drivers\360LanProtect.sys2013-03-21 23:45 - 2013-03-21 23:45 - 00000000 ____D C:\Windows\SysWOW64\Adobe2013-03-21 23:44 - 2013-03-21 23:44 - 07781072 ____A (Adobe Systems Inc.) C:\Users\FW56E\Downloads\Shockwave_Installer_Slim.exe2013-03-21 23:44 - 2013-03-21 23:44 - 07781072 ____A (Adobe Systems Inc.) C:\Users\FW56E\Downloads\Shockwave_Installer_Slim (1).exe2013-03-19 16:54 - 2013-03-19 16:54 - 54085656 ____A (Blizzard Entertainment) C:\Users\FW56E\Downloads\StarCraft-II-Setup-enUS.exe2013-03-14 02:22 - 2013-03-14 02:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-03-14 02:22 - 2013-03-14 02:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-03-13 18:05 - 2013-03-13 18:05 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\Civitas22013-03-13 18:03 - 2013-03-13 18:03 - 00001338 ____A C:\Users\Public\Desktop\Imperium Romanum - Gold Edition.lnk2013-03-13 18:02 - 2013-03-13 18:05 - 00000000 ____D C:\Program Files (x86)\Kalypso Media2013-03-13 14:23 - 2013-02-12 04:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys2013-03-13 14:06 - 2013-02-28 13:57 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-03-13 14:06 - 2013-02-28 13:57 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-03-13 14:06 - 2013-02-28 13:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-03-13 14:06 - 2013-02-28 13:57 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-03-13 14:06 - 2013-02-28 13:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-03-13 14:06 - 2013-02-28 13:57 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-03-13 14:06 - 2013-02-28 13:57 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-03-13 14:06 - 2013-02-28 13:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-03-13 14:06 - 2013-02-28 13:37 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-03-13 14:06 - 2013-02-28 13:37 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-03-13 14:06 - 2013-02-28 13:37 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-03-13 14:06 - 2013-02-28 13:37 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-03-13 14:06 - 2013-02-28 13:37 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-03-13 14:06 - 2013-02-28 13:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-03-13 14:06 - 2013-02-28 13:37 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-03-13 14:06 - 2013-02-28 13:37 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-03-13 14:06 - 2013-02-28 13:37 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-03-13 14:06 - 2013-02-28 12:03 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-03-13 14:06 - 2013-02-28 11:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-03-13 14:05 - 2013-02-28 13:57 - 12296192 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-03-13 14:05 - 2013-02-28 13:57 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-03-13 14:05 - 2013-02-28 13:37 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll==================== One Month Modified Files and Folders =======2013-04-10 17:35 - 2010-03-15 19:25 - 00000437 ____A C:\Windows\System32\Drivers\etc\hosts.ics2013-04-10 17:35 - 2009-11-01 00:50 - 04614682 ____A C:\Windows\PFRO.log2013-04-10 17:35 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-04-10 17:35 - 2009-07-14 04:51 - 00205735 ____A C:\Windows\setupact.log2013-04-10 17:34 - 2013-02-27 15:11 - 00000000 ____D C:\Users\FW56E\AppData\Local\PMB Files2013-04-10 17:34 - 2009-11-01 00:10 - 01494125 ____A C:\Windows\WindowsUpdate.log2013-04-10 17:33 - 2009-07-14 05:13 - 00797450 ____A C:\Windows\System32\PerfStringBackup.INI2013-04-10 17:31 - 2013-04-10 17:31 - 01466241 ____A (Farbar) C:\Users\FW56E\Downloads\FRST64.exe2013-04-10 17:30 - 2013-04-10 17:30 - 00001615 ____A C:\Users\FW56E\Desktop\RKreport[1]_S_04102013_02d1830.txt2013-04-10 17:30 - 2013-04-10 17:28 - 00000000 ____D C:\Users\FW56E\Desktop\RK_Quarantine2013-04-10 17:29 - 2010-04-22 21:47 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\360Safe2013-04-10 17:28 - 2013-04-10 17:27 - 00816128 ____A C:\Users\FW56E\Desktop\RogueKiller.exe2013-04-10 17:26 - 2009-07-14 04:45 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-04-10 17:26 - 2009-07-14 04:45 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-04-10 17:16 - 2013-04-10 17:16 - 04316280 ____A (Piriform Ltd) C:\Users\FW56E\Downloads\ccsetup400 (1).exe2013-04-10 17:15 - 2013-04-10 17:15 - 00000000 ____D C:\_OTL2013-04-10 17:15 - 2013-04-10 16:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-04-10 17:12 - 2013-04-10 17:12 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk2013-04-10 17:12 - 2013-04-10 17:12 - 00000000 ____D C:\Program Files\CCleaner2013-04-10 17:11 - 2013-04-10 17:11 - 04316280 ____A (Piriform Ltd) C:\Users\FW56E\Downloads\ccsetup400.exe2013-04-10 16:56 - 2013-04-10 16:56 - 00019088 ____A C:\Users\FW56E\Downloads\report_1176f8ad43e3b58246d69f91a5af56197.txt2013-04-10 16:47 - 2013-04-10 16:47 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2013-04-10 16:47 - 2013-04-10 16:47 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22013-04-10 16:46 - 2013-04-10 16:46 - 55454464 ____A (Safer-Networking Ltd.                                       ) C:\Users\FW56E\Downloads\SpybotSD2.exe2013-04-10 16:38 - 2013-04-10 16:35 - 00000000 ____D C:\Users\FW56E\Desktop\New folder2013-04-10 16:36 - 2013-04-10 16:35 - 04745728 ____A (AVAST Software) C:\Users\FW56E\Downloads\aswMBR (1).exe2013-04-10 16:32 - 2013-04-10 16:32 - 00209940 ____A C:\Users\FW56E\Downloads\Extras.Txt2013-04-10 16:31 - 2013-04-10 16:31 - 00155232 ____A C:\Users\FW56E\Downloads\OTL.Txt2013-04-10 16:30 - 2013-04-10 16:29 - 04745728 ____A (AVAST Software) C:\Users\FW56E\Downloads\aswMBR.exe2013-04-10 16:13 - 2010-08-31 14:52 - 00002133 ____A C:\Users\FW56E\Desktop\360????.lnk2013-04-10 16:11 - 2013-04-10 16:11 - 00602112 ____A (OldTimer Tools) C:\Users\FW56E\Downloads\OTL.exe2013-04-10 15:21 - 2013-04-10 15:21 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\Malwarebytes2013-04-10 15:20 - 2013-04-10 15:20 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-04-10 15:20 - 2013-04-10 15:20 - 00000000 ____D C:\ProgramData\Malwarebytes2013-04-10 15:20 - 2013-04-10 15:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-04-10 15:09 - 2013-04-10 15:09 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\FW56E\Downloads\mbam-setup-1.75.0.1300 (2).exe2013-04-10 15:08 - 2013-04-10 15:08 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\FW56E\Downloads\mbam-setup-1.75.0.1300.exe2013-04-10 15:08 - 2013-04-10 15:08 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\FW56E\Downloads\mbam-setup-1.75.0.1300 (1).exe2013-04-10 15:01 - 2013-04-10 15:01 - 00691848 ____A (CNET Download.com) C:\Users\FW56E\Downloads\cbsidlm-cbsi5_4_0_101-Absolute_Key_Logger_Removal_Tool-ORG-75447038.exe2013-04-10 14:58 - 2012-10-14 13:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-04-10 14:58 - 2009-07-14 04:45 - 00496728 ____A C:\Windows\System32\FNTCACHE.DAT2013-04-10 14:55 - 2010-01-04 15:36 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\Skype2013-04-10 14:52 - 2013-04-10 14:51 - 01056489 ____A C:\Users\FW56E\Downloads\League of Legends RP Code Generator.rar2013-04-10 12:38 - 2012-04-01 17:54 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-04-10 12:38 - 2011-05-18 08:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-04-10 03:29 - 2012-08-13 10:39 - 00000000 ____D C:\ProgramData\QvodPlayer2013-04-09 23:44 - 2011-11-15 17:02 - 00000000 ____D C:\Media2013-04-09 17:58 - 2011-09-12 15:42 - 00000000 ____D C:\Users\FW56E\Documents\Outlook Files2013-04-09 06:20 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing2013-04-08 19:59 - 2010-02-13 12:08 - 00000000 ____D C:\Users\FW56E\Documents\Tencent Files2013-04-08 17:32 - 2013-04-10 15:10 - 02309169 ____A C:\Users\FW56E\Downloads\League of Legends RP Code Generator.exe2013-04-07 21:47 - 2011-09-22 12:24 - 00000000 ____D C:\Program Files (x86)\StarCraft II2013-04-07 20:35 - 2013-02-25 17:20 - 00000000 ___RD C:\Program Files (x86)\Skype2013-04-07 20:35 - 2009-11-01 00:38 - 00000000 ____D C:\ProgramData\Skype2013-04-05 14:09 - 2010-02-08 23:51 - 00000000 ____D C:\ppsvodcache2013-04-05 14:07 - 2010-04-20 19:32 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\PPStream2013-04-04 13:50 - 2013-04-10 15:20 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2013-04-02 12:16 - 2011-02-25 11:51 - 00236248 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys2013-04-01 23:44 - 2012-01-06 18:40 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\KuGou72013-04-01 18:25 - 2010-06-09 20:15 - 00001076 ____A C:\Users\Public\Desktop\QQ??.lnk2013-03-29 14:28 - 2010-02-13 12:08 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\Tencent2013-03-29 14:26 - 2010-04-30 14:13 - 00000000 ____D C:\Windows\Tasks\360Disabled2013-03-29 00:24 - 2012-04-09 21:57 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\360mobilemgr2013-03-21 23:45 - 2013-03-21 23:45 - 00000000 ____D C:\Windows\SysWOW64\Adobe2013-03-21 23:44 - 2013-03-21 23:44 - 07781072 ____A (Adobe Systems Inc.) C:\Users\FW56E\Downloads\Shockwave_Installer_Slim.exe2013-03-21 23:44 - 2013-03-21 23:44 - 07781072 ____A (Adobe Systems Inc.) C:\Users\FW56E\Downloads\Shockwave_Installer_Slim (1).exe2013-03-19 20:01 - 2011-09-22 12:24 - 00000000 ____D C:\Users\FW56E\Documents\StarCraft II2013-03-19 19:40 - 2011-09-22 12:24 - 00001057 ____A C:\Users\Public\Desktop\StarCraft II.lnk2013-03-19 16:54 - 2013-03-19 16:54 - 54085656 ____A (Blizzard Entertainment) C:\Users\FW56E\Downloads\StarCraft-II-Setup-enUS.exe2013-03-19 06:04 - 2013-04-10 12:23 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-03-19 05:46 - 2013-04-10 12:23 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2013-03-19 05:04 - 2013-04-10 12:23 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-03-19 05:04 - 2013-04-10 12:23 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-03-19 04:47 - 2013-04-10 12:23 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2013-03-19 03:06 - 2013-04-10 12:23 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe2013-03-16 20:25 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\NDF2013-03-16 20:21 - 2012-10-09 18:06 - 00000000 ____D C:\Program Files (x86)\RaidCall2013-03-14 03:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache2013-03-14 02:25 - 2010-02-08 23:20 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-03-14 02:25 - 2009-11-01 00:30 - 00000000 ____D C:\ProgramData\Microsoft Help2013-03-14 02:23 - 2013-03-14 02:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-03-14 02:23 - 2013-03-14 02:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-03-13 18:05 - 2013-03-13 18:05 - 00000000 ____D C:\Users\FW56E\AppData\Roaming\Civitas22013-03-13 18:05 - 2013-03-13 18:02 - 00000000 ____D C:\Program Files (x86)\Kalypso Media2013-03-13 18:03 - 2013-03-13 18:03 - 00001338 ____A C:\Users\Public\Desktop\Imperium Romanum - Gold Edition.lnk2013-03-13 18:00 - 2011-11-24 00:00 - 00002185 ____A C:\Users\FW56E\Desktop\??7.lnk2013-03-13 18:00 - 2010-04-28 03:47 - 00000000 ___SD C:\kankan2013-03-13 17:27 - 2010-12-02 19:45 - 00000000 ____D C:\TDDOWNLOAD2013-03-12 00:10 - 2010-03-23 20:33 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe==================== Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points  =========================Restore point made on: 2013-03-29 12:07:10Restore point made on: 2013-03-29 12:12:10Restore point made on: 2013-04-02 15:49:11Restore point made on: 2013-04-03 10:35:31Restore point made on: 2013-04-09 13:51:53Restore point made on: 2013-04-10 12:03:20Restore point made on: 2013-04-10 12:15:53Restore point made on: 2013-04-10 12:22:55Restore point made on: 2013-04-10 12:29:58Restore point made on: 2013-04-10 12:37:33==================== Memory info =========================== Percentage of memory in use: 16%Total physical RAM: 4063.02 MBAvailable physical RAM: 3405.9 MBTotal Pagefile: 4061.17 MBAvailable Pagefile: 3393.76 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB==================== Partitions =============================1 Drive c: () (Fixed) (Total:454.49 GB) (Free:76.29 GB) NTFS2 Drive e: (Recovery) (Fixed) (Total:11.17 GB) (Free:0.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]4 Drive g: () (Removable) (Total:1.91 GB) (Free:1.17 GB) FAT5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]  Disk ###  Status         Size     Free     Dyn  Gpt  --------  -------------  -------  -------  ---  ---  Disk 0    Online          465 GB      0 B           Disk 1    Online         1959 MB      0 B         Partitions of Disk 0:===============Disk ID: 239B2184  Partition ###  Type              Size     Offset  -------------  ----------------  -------  -------  Partition 1    Recovery            11 GB  1024 KB  Partition 2    Primary            100 MB    11 GB  Partition 3    Primary            454 GB    11 GB==================================================================================Disk: 0Partition 1Type  : 27Hidden: YesActive: No  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info  ----------  ---  -----------  -----  ----------  -------  ---------  --------* Volume 3     E   Recovery     NTFS   Partition     11 GB  Healthy    Hidden  =========================================================Disk: 0Partition 2Type  : 07Hidden: NoActive: Yes  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info  ----------  ---  -----------  -----  ----------  -------  ---------  --------* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy            =========================================================Disk: 0Partition 3Type  : 07Hidden: NoActive: No  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info  ----------  ---  -----------  -----  ----------  -------  ---------  --------* Volume 2     C                NTFS   Partition    454 GB  Healthy            =========================================================Partitions of Disk 1:===============Disk ID: 00000000  Partition ###  Type              Size     Offset  -------------  ----------------  -------  -------  Partition 1    Primary           1959 MB    31 KB==================================================================================Disk: 1Partition 1Type  : 0EHidden: NoActive: Yes  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info  ----------  ---  -----------  -----  ----------  -------  ---------  --------* Volume 4     G                FAT    Removable   1959 MB  Healthy            ======================================================================================= MBR Partition Table ================================================Partitions of Disk 0:===============Disk ID: 239B2184Partition 1:=========Hex: 0020210027FEFFFF0008000000706501Active: NOType: 27Size: 11 GBPartition 2:=========Hex: 80FEFFFF07FEFFFF0078650100200300Active: YESType: 07 (NTFS)Size: 100 MBPartition 3:=========Hex: 00FEFFFF07FEFFFF0098680130C0CF38Active: NOType: 07 (NTFS)Size: 454 GB==============================Partitions of Disk 1:===============Disk ID: 00000000Partition 1:=========Hex: 800101000E0FFF8C3F000000523E3D00Active: YESType: 0ESize: 2 GBLast Boot: 2013-04-06 01:16==================== End Of Log =============================</blockquote>

Verification

Top