
STOP: C0000135 The program can't start because %hs is missing.


  • This topic is locked
8 replies to this topic

#1 cincygoon

Posted 09 April 2012 - 09:03 PM

I did the steps with frst64.exe and will attach my log file as well. I'm running Win 7 x64. Thank you!!

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 09-04-2012 21:42:15
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [PLFSetL] C:\Windows\\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2009-09-02] (Avid Technology, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201512 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [401192 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [390 2012-04-08] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe [x]
HKLM-x32\...\Run: [AmdAgent] C:\Windows\Temp\temp68.exe [x]
HKLM-x32\...\Run: [CGWGCnHLqP.exe] C:\ProgramData\CGWGCnHLqP.exe [300544 2012-04-08] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Acer\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-01] (Google Inc.)
HKU\Acer\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Acer\...\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [249856 2005-08-11] (Macrovision Corporation)
HKU\Acer\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2011-12-14] (Acresso Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2011-03-24] (Adobe Systems)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [325200 2010-03-03] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [865824 2010-02-05] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51740536 2011-06-12] (Microsoft Corporation)
3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-19] ()
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-15] (Skype Technologies)

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6405120 2010-03-17] (ATI Technologies Inc.)
1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [16877 2002-07-16] (Adaptec)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 Bridge; C:\Windows\System32\Drivers\Bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-10-05] (Citrix Systems, Inc.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-03-29] (DT Soft Ltd)
3 MAUSBMOBILEPRE; C:\Windows\System32\DRIVERS\MAudioMobilePre.sys [187912 2009-09-02] (Avid Technology, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 ScreamBAudioSvc; C:\Windows\System32\drivers\ScreamingBAudio64.sys [38992 2010-07-01] (Screaming Bee LLC)
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [103272 2009-05-21] (PACE Anti-Piracy, Inc.)
0 Tpkd; C:\Windows\SysWow64\Drivers\Tpkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 PCDSRVC{51725DDC-760D55D3-06020101}_0; \??\c:\users\acer\appdata\local\temp\vbno3esa8fg0\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [x]
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [x]
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-09 21:42 - 2012-04-09 21:42 - 0000000 ____D C:\FRST
2012-04-08 20:15 - 2012-04-08 20:15 - 0271024 ____A C:\Windows\Minidump\040912-37128-01.dmp
2012-04-08 19:40 - 2012-04-08 19:40 - 0001845 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-08 19:40 - 2012-03-06 15:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-04-08 19:40 - 2012-03-06 15:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-04-08 19:40 - 2012-03-06 15:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-04-08 19:40 - 2012-03-06 15:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-04-08 19:40 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-04-08 19:40 - 2012-03-06 15:02 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-04-08 19:40 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-04-08 19:40 - 2012-03-06 15:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-04-08 19:40 - 2012-03-06 15:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-04-08 14:30 - 2012-04-08 14:27 - 0300544 ___AH C:\Users\All Users\CGWGCnHLqP.exe
2012-04-08 14:30 - 2012-04-08 14:27 - 0300544 ___AH C:\ProgramData\CGWGCnHLqP.exe
2012-04-08 14:28 - 2012-04-08 14:28 - 0000000 ____D C:\Windows\system64
2012-04-08 14:07 - 2012-04-08 14:07 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\Malwarebytes
2012-04-08 14:06 - 2012-04-08 19:36 - 0000000 ___HD C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-08 14:06 - 2012-04-08 14:06 - 0000000 ___HD C:\Users\All Users\Malwarebytes
2012-04-08 14:06 - 2012-04-08 14:06 - 0000000 ___HD C:\ProgramData\Malwarebytes
2012-04-08 14:06 - 2011-12-10 11:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-08 05:37 - 2012-04-08 05:37 - 0275208 ___AH C:\Windows\Minidump\040812-33945-01.dmp
2012-04-08 05:28 - 2012-04-08 05:28 - 0275264 ___AH C:\Windows\Minidump\040812-34398-01.dmp
2012-04-07 14:12 - 2012-04-07 14:12 - 0275208 ___AH C:\Windows\Minidump\040712-33462-01.dmp
2012-04-07 11:47 - 2012-04-07 11:47 - 0275208 ___AH C:\Windows\Minidump\040712-33914-01.dmp
2012-04-06 10:24 - 2012-04-06 10:25 - 0881952 ___AH C:\Windows\Minidump\040612-68796-01.dmp
2012-04-06 09:22 - 2012-04-09 08:57 - 1598710 ___AH C:\Windows\ntbtlog.txt
2012-04-06 08:13 - 2009-07-13 17:14 - 0020480 ___AH (Microsoft Corporation) C:\Windows\svchost.exe
2012-03-25 19:56 - 2011-12-16 09:56 - 0000000 ___HD C:\Users\Acer\Desktop\NexExpP2
2012-03-24 13:49 - 2012-03-24 13:49 - 0000000 ___HD C:\Users\Acer\Downloads\Auto-Tune_Efx_VST_PC_v1.00
2012-03-19 17:50 - 2012-03-19 18:20 - 0000000 ___HD C:\Users\Acer\Desktop\thinkinboutyou
2012-03-19 17:48 - 2012-03-19 17:56 - 0000000 ___HD C:\Users\Acer\Desktop\onlyone
2012-03-17 22:29 - 2012-03-19 18:28 - 0000000 ___HD C:\Users\Acer\Desktop\neverforgetme
2012-03-17 22:07 - 2012-03-19 17:50 - 0000000 ___HD C:\Users\Acer\Desktop\moneyO
2012-03-17 21:57 - 2012-03-19 17:40 - 0000000 ___HD C:\Users\Acer\Desktop\practice
2012-03-17 21:36 - 2012-03-19 17:36 - 0000000 ___HD C:\Users\Acer\Desktop\perfectinterlude
2012-03-17 21:09 - 2012-03-17 23:24 - 0000000 ___HD C:\Users\Acer\Downloads\[XBOX 1] Grand Theft Auto San Andreas
2012-03-17 20:54 - 2012-03-17 21:05 - 0001264 ___AH C:\Users\Acer\Desktop\Download U.lnk
2012-03-17 20:54 - 2012-03-17 21:05 - 0000000 ___HD C:\Program Files (x86)\1ClickDownload
2012-03-17 20:32 - 2012-03-17 20:35 - 0001286 ___AH C:\Users\Acer\Downloads\Download U.lnk
2012-03-17 20:32 - 2012-03-17 20:32 - 0000000 ___HD C:\Users\All Users\Tarma Installer
2012-03-17 20:32 - 2012-03-17 20:32 - 0000000 ___HD C:\ProgramData\Tarma Installer
2012-03-17 20:32 - 2012-03-17 20:32 - 0000000 ___HD C:\Program Files (x86)\Yontoo
2012-03-17 20:32 - 2012-03-17 20:32 - 0000000 ___HD C:\Program Files (x86)\fbphotozoom
2012-03-17 19:00 - 2012-03-17 19:10 - 563609284 ___AH C:\Users\Acer\Desktop\Produce.avi
2012-03-17 18:03 - 2012-03-17 18:03 - 5931415 ___AH C:\Users\Acer\Downloads\Beyonce feat. Andre 3000 & Kanye West - Party - www.XRPSMixEdit.blogspot.com.mp3
2012-03-14 20:14 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 20:14 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 20:14 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-14 08:34 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 08:34 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-14 08:34 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 08:33 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 08:33 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 08:33 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-14 08:32 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 08:32 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-14 08:32 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 08:32 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-11 12:08 - 2012-03-11 12:08 - 0000000 ___HD C:\Program Files (x86)\Cyberlink
2012-03-11 12:06 - 2012-03-11 12:08 - 0000000 ___HD C:\Program Files\CyberLink
2012-03-11 12:06 - 2012-03-11 12:06 - 0000000 ___HD C:\Users\All Users\CLSK
2012-03-11 12:06 - 2012-03-11 12:06 - 0000000 ___HD C:\ProgramData\CLSK
2012-03-11 11:54 - 2012-03-11 12:03 - 589372728 ___AH C:\Users\Acer\Downloads\CyberLink.1424a_GM4_Trial_VDE120130-03.exe
2012-03-11 11:40 - 2012-03-11 11:41 - 0000000 ___HD C:\Users\Acer\Desktop\MUSICVIDEO
2012-03-11 11:39 - 2012-03-11 11:39 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\DiskAid
2012-03-11 11:39 - 2012-03-11 11:39 - 0000000 ___HD C:\Program Files (x86)\DigiDNA
2012-03-11 09:15 - 2012-03-11 17:42 - 0000000 ___HD C:\Users\Acer\Desktop\inthemorning
2012-03-11 09:14 - 2012-03-11 09:14 - 30537450 ___AH C:\Users\Acer\Downloads\inthemorning.zip
2012-03-11 08:09 - 2012-03-11 18:13 - 0000000 ___HD C:\Users\Acer\Desktop\work out
2012-03-11 08:09 - 2012-03-11 17:49 - 0000000 ___HD C:\Users\Acer\Desktop\comeandgo
2012-03-10 18:02 - 2012-03-10 18:05 - 5015178 ___AH C:\Users\Acer\Desktop\MarvinRough.mp3
2012-03-10 17:35 - 2012-03-10 17:35 - 2472678 ___AH C:\Users\Acer\Downloads\Drake Marvins Room Instrumental- HD ACTUAL THING! (D_L Link).mp3

============ 3 Months Modified Files and Folders =============

2012-04-09 21:42 - 2012-04-09 21:42 - 0000000 ____D C:\FRST
2012-04-09 12:26 - 2010-07-12 14:50 - 3015884800 __ASH C:\hiberfil.sys
2012-04-09 08:57 - 2012-04-06 09:22 - 1598710 ___AH C:\Windows\ntbtlog.txt
2012-04-09 00:41 - 2010-07-12 14:50 - 0740240 ___AH C:\Windows\PFRO.log
2012-04-08 20:17 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-08 20:15 - 2012-04-08 20:15 - 0271024 ____A C:\Windows\Minidump\040912-37128-01.dmp
2012-04-08 20:15 - 2011-04-01 12:09 - 0000000 ___HD C:\Windows\Minidump
2012-04-08 20:15 - 2009-07-13 20:51 - 0132005 ___AH C:\Windows\setupact.log
2012-04-08 20:14 - 2011-04-01 12:09 - 553693784 ____A C:\Windows\MEMORY.DMP
2012-04-08 19:40 - 2012-04-08 19:40 - 0001845 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-08 19:36 - 2012-04-08 14:06 - 0000000 ___HD C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-08 14:28 - 2012-04-08 14:28 - 0000000 ____D C:\Windows\system64
2012-04-08 14:27 - 2012-04-08 14:30 - 0300544 ___AH C:\Users\All Users\CGWGCnHLqP.exe
2012-04-08 14:27 - 2012-04-08 14:30 - 0300544 ___AH C:\ProgramData\CGWGCnHLqP.exe
2012-04-08 14:07 - 2012-04-08 14:07 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\Malwarebytes
2012-04-08 14:06 - 2012-04-08 14:06 - 0000000 ___HD C:\Users\All Users\Malwarebytes
2012-04-08 14:06 - 2012-04-08 14:06 - 0000000 ___HD C:\ProgramData\Malwarebytes
2012-04-08 13:06 - 2009-07-13 18:34 - 0000882 ___RH C:\Windows\System32\Drivers\etc\hosts
2012-04-08 08:41 - 2010-07-12 14:53 - 2007761 ___AH C:\Windows\WindowsUpdate.log
2012-04-08 08:31 - 2011-11-07 17:48 - 0000384 ___AH C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
2012-04-08 05:37 - 2012-04-08 05:37 - 0275208 ___AH C:\Windows\Minidump\040812-33945-01.dmp
2012-04-08 05:28 - 2012-04-08 05:28 - 0275264 ___AH C:\Windows\Minidump\040812-34398-01.dmp
2012-04-07 14:12 - 2012-04-07 14:12 - 0275208 ___AH C:\Windows\Minidump\040712-33462-01.dmp
2012-04-07 11:47 - 2012-04-07 11:47 - 0275208 ___AH C:\Windows\Minidump\040712-33914-01.dmp
2012-04-06 13:17 - 2010-07-12 12:59 - 0000000 ___HD C:\users\Acer
2012-04-06 10:25 - 2012-04-06 10:24 - 0881952 ___AH C:\Windows\Minidump\040612-68796-01.dmp
2012-04-06 08:10 - 2011-10-25 18:46 - 0000000 ___HD C:\Users\Acer\Desktop\SampleNEW
2012-04-06 07:51 - 2011-03-30 22:40 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\Skype
2012-04-05 17:36 - 2011-07-03 21:53 - 0000000 ___HD C:\Users\Acer\AppData\Local\ElevatedDiagnostics
2012-04-05 12:19 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-05 12:18 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-30 16:01 - 2011-04-18 18:22 - 0000032 ___AH C:\Windows\SysWOW64\w3data.vss
2012-03-30 16:01 - 2011-04-18 18:22 - 0000032 ___AH C:\Windows\SysWOW64\msvcsv60.dll
2012-03-30 16:01 - 2011-04-18 18:22 - 0000032 ___AH C:\Windows\msocreg32.dat
2012-03-30 13:04 - 2009-07-13 21:08 - 0032554 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-30 12:55 - 2011-03-22 19:28 - 0000898 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-29 14:56 - 2009-07-13 21:13 - 0730448 ___AH C:\Windows\System32\PerfStringBackup.INI
2012-03-29 14:50 - 2011-03-22 19:28 - 0000894 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-28 19:30 - 2011-05-26 18:54 - 0000000 ___HD C:\Users\Acer\AppData\Local\CrashDumps
2012-03-25 17:59 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\NDF
2012-03-25 17:30 - 2011-05-10 17:42 - 0000000 ___HD C:\Users\All Users\PACE Anti-Piracy
2012-03-25 17:30 - 2011-05-10 17:42 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\PACE Anti-Piracy
2012-03-25 17:30 - 2011-05-10 17:42 - 0000000 ___HD C:\ProgramData\PACE Anti-Piracy
2012-03-25 16:07 - 2011-03-24 12:30 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\uTorrent
2012-03-24 14:17 - 2011-04-30 14:48 - 0000000 ___HD C:\Program Files (x86)\Antares Audio Technologies
2012-03-24 14:17 - 2011-03-22 19:51 - 0000000 ___HD C:\Program Files (x86)\VstPlugins
2012-03-24 13:49 - 2012-03-24 13:49 - 0000000 ___HD C:\Users\Acer\Downloads\Auto-Tune_Efx_VST_PC_v1.00
2012-03-19 18:28 - 2012-03-17 22:29 - 0000000 ___HD C:\Users\Acer\Desktop\neverforgetme
2012-03-19 18:20 - 2012-03-19 17:50 - 0000000 ___HD C:\Users\Acer\Desktop\thinkinboutyou
2012-03-19 17:56 - 2012-03-19 17:48 - 0000000 ___HD C:\Users\Acer\Desktop\onlyone
2012-03-19 17:50 - 2012-03-17 22:07 - 0000000 ___HD C:\Users\Acer\Desktop\moneyO
2012-03-19 17:40 - 2012-03-17 21:57 - 0000000 ___HD C:\Users\Acer\Desktop\practice
2012-03-19 17:36 - 2012-03-17 21:36 - 0000000 ___HD C:\Users\Acer\Desktop\perfectinterlude
2012-03-18 19:08 - 2011-03-22 13:30 - 0000000 ___HD C:\Users\Acer\AppData\Local\Google
2012-03-17 23:24 - 2012-03-17 21:09 - 0000000 ___HD C:\Users\Acer\Downloads\[XBOX 1] Grand Theft Auto San Andreas
2012-03-17 23:20 - 2011-03-24 19:58 - 0000000 ___HD C:\Users\Acer\Documents\My Recordings
2012-03-17 21:05 - 2012-03-17 20:54 - 0001264 ___AH C:\Users\Acer\Desktop\Download U.lnk
2012-03-17 21:05 - 2012-03-17 20:54 - 0000000 ___HD C:\Program Files (x86)\1ClickDownload
2012-03-17 20:35 - 2012-03-17 20:32 - 0001286 ___AH C:\Users\Acer\Downloads\Download U.lnk
2012-03-17 20:32 - 2012-03-17 20:32 - 0000000 ___HD C:\Users\All Users\Tarma Installer
2012-03-17 20:32 - 2012-03-17 20:32 - 0000000 ___HD C:\ProgramData\Tarma Installer
2012-03-17 20:32 - 2012-03-17 20:32 - 0000000 ___HD C:\Program Files (x86)\Yontoo
2012-03-17 20:32 - 2012-03-17 20:32 - 0000000 ___HD C:\Program Files (x86)\fbphotozoom
2012-03-17 19:10 - 2012-03-17 19:00 - 563609284 ___AH C:\Users\Acer\Desktop\Produce.avi
2012-03-17 18:03 - 2012-03-17 18:03 - 5931415 ___AH C:\Users\Acer\Downloads\Beyonce feat. Andre 3000 & Kanye West - Party - www.XRPSMixEdit.blogspot.com.mp3
2012-03-15 13:57 - 2009-07-13 20:45 - 5000248 ___AH C:\Windows\System32\FNTCACHE.DAT
2012-03-14 20:14 - 2010-04-01 23:24 - 0000000 ___HD C:\Users\All Users\Microsoft Help
2012-03-14 20:14 - 2010-04-01 23:24 - 0000000 ___HD C:\ProgramData\Microsoft Help
2012-03-12 18:54 - 2011-03-30 22:54 - 0000000 ___HD C:\Users\All Users\CyberLink
2012-03-12 18:54 - 2011-03-30 22:54 - 0000000 ___HD C:\ProgramData\CyberLink
2012-03-12 11:19 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\config\TxR
2012-03-11 18:13 - 2012-03-11 08:09 - 0000000 ___HD C:\Users\Acer\Desktop\work out
2012-03-11 17:49 - 2012-03-11 08:09 - 0000000 ___HD C:\Users\Acer\Desktop\comeandgo
2012-03-11 17:42 - 2012-03-11 09:15 - 0000000 ___HD C:\Users\Acer\Desktop\inthemorning
2012-03-11 12:25 - 2011-03-30 22:54 - 0000000 ___HD C:\Users\Public\CyberLink
2012-03-11 12:12 - 2011-03-30 22:54 - 0000000 ___HD C:\Users\Acer\Documents\CyberLink
2012-03-11 12:12 - 2011-03-30 22:54 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\CyberLink
2012-03-11 12:11 - 2010-07-12 12:59 - 0117952 ___AH C:\Users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-11 12:09 - 2011-03-30 00:11 - 0000000 ___HD C:\Program Files (x86)\QuickTime
2012-03-11 12:08 - 2012-03-11 12:08 - 0000000 ___HD C:\Program Files (x86)\Cyberlink
2012-03-11 12:08 - 2012-03-11 12:06 - 0000000 ___HD C:\Program Files\CyberLink
2012-03-11 12:08 - 2010-07-12 12:59 - 0000000 ___HD C:\Users\Acer\AppData\LocalLow
2012-03-11 12:06 - 2012-03-11 12:06 - 0000000 ___HD C:\Users\All Users\CLSK
2012-03-11 12:06 - 2012-03-11 12:06 - 0000000 ___HD C:\ProgramData\CLSK
2012-03-11 12:06 - 2010-04-01 23:12 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-11 12:03 - 2012-03-11 11:54 - 589372728 ___AH C:\Users\Acer\Downloads\CyberLink.1424a_GM4_Trial_VDE120130-03.exe
2012-03-11 11:41 - 2012-03-11 11:40 - 0000000 ___HD C:\Users\Acer\Desktop\MUSICVIDEO
2012-03-11 11:39 - 2012-03-11 11:39 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\DiskAid
2012-03-11 11:39 - 2012-03-11 11:39 - 0000000 ___HD C:\Program Files (x86)\DigiDNA
2012-03-11 09:14 - 2012-03-11 09:14 - 30537450 ___AH C:\Users\Acer\Downloads\inthemorning.zip
2012-03-10 18:05 - 2012-03-10 18:02 - 5015178 ___AH C:\Users\Acer\Desktop\MarvinRough.mp3
2012-03-10 17:53 - 2011-03-24 19:57 - 0000000 ___HD C:\Program Files (x86)\Acoustica Shared Effects
2012-03-10 17:35 - 2012-03-10 17:35 - 2472678 ___AH C:\Users\Acer\Downloads\Drake Marvins Room Instrumental- HD ACTUAL THING! (D_L Link).mp3
2012-03-08 17:00 - 2012-03-08 16:58 - 0275264 ___AH C:\Windows\Minidump\030812-75488-01.dmp
2012-03-07 20:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-07 16:44 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\PolicyDefinitions
2012-03-06 21:09 - 2012-03-06 21:09 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-06 21:09 - 2012-03-06 21:09 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-06 21:09 - 2012-03-06 21:09 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-06 21:09 - 2012-03-06 21:09 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-06 21:09 - 2012-03-06 21:09 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-06 21:09 - 2012-03-06 21:09 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-06 21:09 - 2012-03-06 21:09 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-06 21:09 - 2012-03-06 21:09 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-06 21:09 - 2012-03-06 21:09 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-06 21:09 - 2012-03-06 21:09 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-06 21:09 - 2012-03-06 21:09 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-06 21:09 - 2012-03-06 21:09 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-06 21:09 - 2012-03-06 21:09 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-06 21:09 - 2012-03-06 21:09 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-06 21:09 - 2012-03-06 21:09 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-06 21:09 - 2012-03-06 21:07 - 0003397 ___AH C:\Windows\IE9_main.log
2012-03-06 15:15 - 2012-04-08 19:40 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-04-08 19:40 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-04-08 19:40 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-04-08 19:40 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-04-08 19:40 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-04-08 19:40 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-04-08 19:40 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-04-08 19:40 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-04-08 19:40 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-06 12:09 - 2011-03-29 19:13 - 0000000 ___HD C:\Users\All Users\DAEMON Tools Lite
2012-03-06 12:09 - 2011-03-29 19:13 - 0000000 ___HD C:\ProgramData\DAEMON Tools Lite
2012-03-04 10:08 - 2012-03-04 10:08 - 0000843 ___AH C:\Users\Acer\Desktop\Downloads.lnk
2012-03-03 21:50 - 2012-03-03 21:44 - 0000000 ___HD C:\Users\Acer\Desktop\JJ - XP Vol 1
2012-03-03 21:33 - 2012-03-03 21:33 - 0275264 ___AH C:\Windows\Minidump\030412-86596-01.dmp
2012-03-03 20:00 - 2011-03-30 22:40 - 0000000 __RHD C:\Program Files (x86)\Skype
2012-03-03 20:00 - 2011-03-30 22:40 - 0000000 ___HD C:\Users\All Users\Skype
2012-03-03 20:00 - 2011-03-30 22:40 - 0000000 ___HD C:\ProgramData\Skype
2012-02-29 11:50 - 2011-06-16 20:09 - 0000000 ___HD C:\Users\Acer\Desktop\Acer_Camera_Suyin_v.5.2.5.3_Win7x86x64
2012-02-23 05:18 - 2011-09-04 15:45 - 0279656 ____H (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 20:50 - 2012-02-22 20:50 - 0000076 ___AH C:\Users\Acer\Desktop\hypersonic 2.txt
2012-02-20 17:15 - 2012-02-20 17:12 - 0000000 ___HD C:\Users\Acer\Downloads\Steinberg.Hypersonic.2.0.Rebuild.SynsoEmu
2012-02-20 13:57 - 2012-02-20 13:56 - 0275264 ___AH C:\Windows\Minidump\022012-89060-01.dmp
2012-02-19 12:00 - 2011-06-16 08:52 - 0414368 ___AH (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-19 11:26 - 2010-07-12 13:02 - 0000843 ___AH C:\Users\Acer\Documents\Downloads.lnk
2012-02-19 11:26 - 2010-07-12 13:02 - 0000174 ___SH C:\Users\Acer\Start Menu\Programs\Startup\desktop.ini
2012-02-19 11:26 - 2010-07-12 13:02 - 0000174 ___SH C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-18 13:37 - 2010-04-01 23:34 - 0000000 ___HD C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 22:38 - 2012-03-14 08:32 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 08:32 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 08:32 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 08:32 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-13 16:11 - 2012-02-13 16:11 - 0000000 ___HD C:\Users\Acer\Documents\iZotope Nectar
2012-02-13 16:11 - 2011-12-14 19:59 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\iZotope
2012-02-09 22:36 - 2012-03-14 08:34 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 08:34 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 19:48 - 2011-03-24 12:31 - 0000000 ___HD C:\Program Files (x86)\uTorrent
2012-02-08 19:18 - 2012-02-08 19:18 - 0000000 __HDC C:\Users\All Users\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-02-08 19:18 - 2012-02-08 19:18 - 0000000 __HDC C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-02-08 19:18 - 2011-03-29 19:25 - 0000000 ___HD C:\Program Files\Native Instruments
2012-02-08 19:18 - 2011-03-23 18:56 - 0000000 ___HD C:\Program Files\VstPlugins
2012-02-08 19:17 - 2012-02-08 19:17 - 0000000 __HDC C:\Users\All Users\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-02-08 19:17 - 2012-02-08 19:17 - 0000000 __HDC C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-02-08 19:17 - 2012-02-08 19:17 - 0000000 ___HD C:\Users\All Users\Native Instruments
2012-02-08 19:17 - 2012-02-08 19:17 - 0000000 ___HD C:\ProgramData\Native Instruments
2012-02-08 19:12 - 2012-02-08 19:04 - 0000000 ___HD C:\Users\Acer\Downloads\Native.Instruments.Massive.STANDALONE.VSTi.RTAS.v1.3.0.x86.x64-ASSiGN
2012-02-08 16:49 - 2012-02-08 16:48 - 0454656 ___AH C:\Users\Acer\Downloads\KeyGen.exe
2012-02-02 20:34 - 2012-03-14 08:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-28 19:07 - 2012-01-28 19:05 - 0000000 ___HD C:\Users\Acer\Documents\FlashDrive
2012-01-24 22:38 - 2012-03-14 08:33 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-14 08:33 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-14 08:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-19 19:49 - 2012-01-19 19:48 - 0000000 ___HD C:\Users\Acer\Documents\Ableton
2012-01-19 19:48 - 2012-01-19 19:48 - 0000000 ___HD C:\Users\All Users\Ableton
2012-01-19 19:48 - 2012-01-19 19:48 - 0000000 ___HD C:\Users\Acer\AppData\Roaming\Ableton
2012-01-19 19:48 - 2012-01-19 19:48 - 0000000 ___HD C:\ProgramData\Ableton
2012-01-19 19:43 - 2012-01-19 19:43 - 0000000 ___HD C:\Program Files (x86)\Ableton
2012-01-19 12:05 - 2011-11-19 15:46 - 0000000 ___HD C:\Users\Acer\Desktop\MMCOLLAB - Objectified
2012-01-11 22:26 - 2011-10-21 07:20 - 54008112 ___AH (Microsoft Corporation) C:\Windows\System32\MRT.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3142.46 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3135.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:441.9 GB) (Free:199.92 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:21.79 GB) (Free:10.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (Recovery1) (CDROM) (Total:3.91 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:2.06 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 21 GB 31 KB
Partition 2 Primary 2110 MB 21 GB
Partition 3 Primary 441 GB 23 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 21 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 2110 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 441 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3824 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-04-05 12:44

======================= End Of Log ==========================

Edited by Noviciate, 10 April 2012 - 02:49 PM.
Added from attachment.


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:25 PM

Posted 10 April 2012 - 03:04 PM

Good evening. :)

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

HKLM-x32\...\Run: [AmdAgent] C:\Windows\Temp\temp68.exe [x]
SubSystems: [Windows] ==> ZeroAccess
cmd: bootrec /FixMbr
TDL4: custom:26000022

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

So long, and thanks for all the fish.

 

 


#3 cincygoon

cincygoon
  • Topic Starter

  • Members
  • 4 posts
  • Local time:08:25 AM

Posted 10 April 2012 - 07:41 PM

FIXLOG RESULTS:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-10 20:38:26 R:1
Running from G:\

==============================================

HKLM-x32\\\.\.\.\\Run\\AmdAgent Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

Edited by Noviciate, 11 April 2012 - 01:56 PM.
Added from attachment.


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:25 PM

Posted 11 April 2012 - 01:57 PM

Good evening. :)

How is the PC behaving now?

So long, and thanks for all the fish.

 

 


#5 cincygoon

cincygoon
  • Topic Starter

  • Members
  • 4 posts
  • Local time:08:25 AM

Posted 11 April 2012 - 02:33 PM

I can now log onto Windows normally, but every icon on my desktop is now transparent, and Internet Explorer will not function for some reason.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:25 PM

Posted 12 April 2012 - 03:17 PM

Good evening. :)

Pick one of the icons on your Desktop, right click it and select Properties.
Select the General Tab and see if the Hidden box is checked - if it is, uncheck it and click Apply and then OK.
If that makes the icon look like it should, repeat for all the others on your Desktop.


Let me know how that goes.

So long, and thanks for all the fish.

 

 


#7 cincygoon

cincygoon
  • Topic Starter

  • Members
  • 4 posts
  • Local time:08:25 AM

Posted 12 April 2012 - 07:17 PM

I was able to make them not transparent anymore by turning off hidden. Internet explorer however will still not function.

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:25 PM

Posted 13 April 2012 - 02:30 PM

Good evening.

Can you expand on "Internet explorer however will still not function" - does it not start, start but not connect to the internet or something else?

So long, and thanks for all the fish.

 

 


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:25 PM

Posted 18 April 2012 - 03:11 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.

 

 




