
Oh boy here we go again. That redirect virus...


nexus18

Well, I'm back. Same redirect virus and all. Well, maybe not the same. This time it didn't install anything really, it just redirects me. One thing to note, however, is that I cannot access any of the major search engines' main websites. Whilst I can access the IP address and browse, typing in the regular website comes up with nothing but a 404 error. Checked the hosts file and it's clean. Ran Malware Bytes and everything is clean. What the hell? I still get redirected and the websites won't connect; I don't even get a ping response when using cmd.

Here's a MBAM scan log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.08.02

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Jose Luis Jr :: JOSELUISJR-PC [administrator]

9/8/2012 2:54:24 AM

mbam-log-2012-09-08 (02-54-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208988

Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

So yeah. I'm confused as hell here, any help is very appreciated.


Hello nexus18.

This needs more follow-up checks.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Ah I see. Yes, follow-up checks make sense. Thank you for your time!

aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-09 02:43:14

-----------------------------

02:43:14.115 OS Version: Windows 6.1.7601 Service Pack 1

02:43:14.115 Number of processors: 8 586 0x1E05

02:43:14.116 ComputerName: JOSELUISJR-PC UserName: Jose Luis Jr

02:43:24.859 Initialize success

02:44:19.204 AVAST engine defs: 12090801

02:45:20.146 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

02:45:20.152 Disk 0 Vendor: ST95005620AS SD28 Size: 476940MB BusType: 11

02:45:20.160 Disk 0 MBR read successfully

02:45:20.168 Disk 0 MBR scan

02:45:20.179 Disk 0 Windows 7 default MBR code

02:45:20.188 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

02:45:20.195 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

02:45:20.203 Disk 0 scanning sectors +976771072

02:45:20.221 Disk 0 scanning C:\Windows\system32\drivers

02:45:25.966 Service scanning

02:45:38.916 Modules scanning

02:45:43.218 Scan finished successfully

02:45:53.937 Disk 0 MBR has been saved successfully to "C:\Users\Jose Luis Jr\Documents\MBR.dat"

02:45:53.946 The log file has been saved successfully to "C:\Users\Jose Luis Jr\Documents\aswMBR.txt"

TDSSKILLER report:

02:46:19.0255 1824 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

02:46:19.0606 1824 ============================================================

02:46:19.0606 1824 Current date / time: 2012/09/09 02:46:19.0606

02:46:19.0606 1824 SystemInfo:

02:46:19.0606 1824

02:46:19.0607 1824 OS Version: 6.1.7601 ServicePack: 1.0

02:46:19.0607 1824 Product type: Workstation

02:46:19.0607 1824 ComputerName: JOSELUISJR-PC

02:46:19.0607 1824 UserName: Jose Luis Jr

02:46:19.0607 1824 Windows directory: C:\Windows

02:46:19.0607 1824 System windows directory: C:\Windows

02:46:19.0607 1824 Processor architecture: Intel x86

02:46:19.0607 1824 Number of processors: 8

02:46:19.0607 1824 Page size: 0x1000

02:46:19.0607 1824 Boot type: Normal boot

02:46:19.0607 1824 ============================================================

02:46:20.0725 1824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

02:46:20.0728 1824 ============================================================

02:46:20.0728 1824 \Device\Harddisk0\DR0:

02:46:20.0728 1824 MBR partitions:

02:46:20.0728 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

02:46:20.0728 1824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

02:46:20.0728 1824 ============================================================

02:46:20.0733 1824 C: <-> \Device\Harddisk0\DR0\Partition2

02:46:20.0733 1824 ============================================================

02:46:20.0733 1824 Initialize success

02:46:20.0733 1824 ============================================================

02:46:24.0935 5796 ============================================================

02:46:24.0935 5796 Scan started

02:46:24.0935 5796 Mode: Manual;

02:46:24.0935 5796 ============================================================

02:46:25.0654 5796 ================ Scan system memory ========================

02:46:25.0654 5796 System memory - ok

02:46:25.0655 5796 ================ Scan services =============================


02:46:28.0947 5796 MegaSR - ok

02:46:28.0953 5796 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

02:46:28.0955 5796 MMCSS - ok

02:46:28.0960 5796 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

02:46:28.0960 5796 Modem - ok

02:46:28.0970 5796 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

02:46:28.0971 5796 monitor - ok

02:46:28.0978 5796 [ 9960B18D55E7BD0F265C3C1953D19592 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys

02:46:28.0978 5796 MotioninJoyXFilter - ok

02:46:28.0984 5796 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

02:46:28.0984 5796 mouclass - ok

02:46:28.0990 5796 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

02:46:28.0990 5796 mouhid - ok

02:46:28.0997 5796 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

02:46:28.0998 5796 mountmgr - ok

02:46:29.0005 5796 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

02:46:29.0006 5796 MozillaMaintenance - ok

02:46:29.0014 5796 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys

02:46:29.0015 5796 mpio - ok

02:46:29.0020 5796 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

02:46:29.0020 5796 mpsdrv - ok

02:46:29.0029 5796 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

02:46:29.0030 5796 MRxDAV - ok

02:46:29.0037 5796 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

02:46:29.0038 5796 mrxsmb - ok

02:46:29.0048 5796 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

02:46:29.0051 5796 mrxsmb10 - ok

02:46:29.0058 5796 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

02:46:29.0060 5796 mrxsmb20 - ok

02:46:29.0065 5796 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys

02:46:29.0066 5796 msahci - ok

02:46:29.0073 5796 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys

02:46:29.0074 5796 msdsm - ok

02:46:29.0082 5796 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

02:46:29.0085 5796 MSDTC - ok

02:46:29.0094 5796 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

02:46:29.0094 5796 Msfs - ok

02:46:29.0098 5796 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

02:46:29.0099 5796 mshidkmdf - ok

02:46:29.0104 5796 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

02:46:29.0104 5796 msisadrv - ok

02:46:29.0111 5796 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

02:46:29.0114 5796 MSiSCSI - ok

02:46:29.0118 5796 msiserver - ok

02:46:29.0123 5796 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

02:46:29.0123 5796 MSKSSRV - ok

02:46:29.0127 5796 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

02:46:29.0127 5796 MSPCLOCK - ok

02:46:29.0132 5796 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

02:46:29.0133 5796 MSPQM - ok

02:46:29.0141 5796 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

02:46:29.0143 5796 MsRPC - ok

02:46:29.0150 5796 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

02:46:29.0151 5796 mssmbios - ok

02:46:29.0155 5796 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

02:46:29.0156 5796 MSTEE - ok

02:46:29.0161 5796 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

02:46:29.0161 5796 MTConfig - ok

02:46:29.0166 5796 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

02:46:29.0167 5796 Mup - ok

02:46:29.0181 5796 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll

02:46:29.0186 5796 napagent - ok

02:46:29.0197 5796 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

02:46:29.0200 5796 NativeWifiP - ok

02:46:29.0222 5796 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys

02:46:29.0230 5796 NDIS - ok

02:46:29.0235 5796 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

02:46:29.0237 5796 NdisCap - ok

02:46:29.0241 5796 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

02:46:29.0242 5796 NdisTapi - ok

02:46:29.0248 5796 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

02:46:29.0249 5796 Ndisuio - ok

02:46:29.0256 5796 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

02:46:29.0257 5796 NdisWan - ok

02:46:29.0264 5796 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

02:46:29.0264 5796 NDProxy - ok

02:46:29.0269 5796 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

02:46:29.0270 5796 NetBIOS - ok

02:46:29.0279 5796 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

02:46:29.0281 5796 NetBT - ok

02:46:29.0285 5796 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe

02:46:29.0286 5796 Netlogon - ok

02:46:29.0302 5796 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

02:46:29.0308 5796 Netman - ok

02:46:29.0314 5796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

02:46:29.0318 5796 NetMsmqActivator - ok

02:46:29.0321 5796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

02:46:29.0322 5796 NetPipeActivator - ok

02:46:29.0335 5796 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

02:46:29.0340 5796 netprofm - ok

02:46:29.0345 5796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

02:46:29.0346 5796 NetTcpActivator - ok

02:46:29.0349 5796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

02:46:29.0350 5796 NetTcpPortSharing - ok

02:46:29.0459 5796 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys

02:46:29.0551 5796 netw5v32 - ok

02:46:29.0558 5796 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

02:46:29.0559 5796 nfrd960 - ok

02:46:29.0569 5796 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll

02:46:29.0573 5796 NlaSvc - ok

02:46:29.0579 5796 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

02:46:29.0580 5796 Npfs - ok

02:46:29.0585 5796 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

02:46:29.0587 5796 nsi - ok

02:46:29.0591 5796 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

02:46:29.0591 5796 nsiproxy - ok

02:46:29.0624 5796 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

02:46:29.0658 5796 Ntfs - ok

02:46:29.0663 5796 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

02:46:29.0664 5796 Null - ok

02:46:29.0673 5796 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys

02:46:29.0675 5796 nvraid - ok

02:46:29.0682 5796 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys

02:46:29.0684 5796 nvstor - ok

02:46:29.0691 5796 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

02:46:29.0691 5796 nv_agp - ok

02:46:29.0698 5796 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

02:46:29.0698 5796 ohci1394 - ok

02:46:29.0710 5796 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

02:46:29.0714 5796 p2pimsvc - ok

02:46:29.0730 5796 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

02:46:29.0735 5796 p2psvc - ok

02:46:29.0742 5796 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys

02:46:29.0744 5796 Parport - ok

02:46:29.0749 5796 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys

02:46:29.0751 5796 partmgr - ok

02:46:29.0755 5796 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

02:46:29.0756 5796 Parvdm - ok

02:46:29.0765 5796 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

02:46:29.0768 5796 PcaSvc - ok

02:46:29.0777 5796 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys

02:46:29.0778 5796 pci - ok

02:46:29.0784 5796 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys

02:46:29.0785 5796 pciide - ok

02:46:29.0793 5796 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

02:46:29.0795 5796 pcmcia - ok

02:46:29.0801 5796 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

02:46:29.0802 5796 pcw - ok

02:46:29.0821 5796 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

02:46:29.0827 5796 PEAUTH - ok

02:46:29.0857 5796 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

02:46:29.0868 5796 PeerDistSvc - ok

02:46:29.0911 5796 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll

02:46:29.0937 5796 pla - ok

02:46:29.0957 5796 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll

02:46:29.0962 5796 PlugPlay - ok

02:46:29.0968 5796 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

02:46:29.0970 5796 PNRPAutoReg - ok

02:46:29.0977 5796 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

02:46:29.0979 5796 PNRPsvc - ok

02:46:29.0994 5796 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

02:46:30.0001 5796 PolicyAgent - ok

02:46:30.0010 5796 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll

02:46:30.0012 5796 Power - ok

02:46:30.0019 5796 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

02:46:30.0019 5796 PptpMiniport - ok

02:46:30.0024 5796 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys

02:46:30.0025 5796 Processor - ok

02:46:30.0034 5796 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll

02:46:30.0038 5796 ProfSvc - ok

02:46:30.0043 5796 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

02:46:30.0044 5796 ProtectedStorage - ok

02:46:30.0051 5796 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

02:46:30.0053 5796 Psched - ok

02:46:30.0089 5796 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

02:46:30.0115 5796 ql2300 - ok

02:46:30.0123 5796 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

02:46:30.0124 5796 ql40xx - ok

02:46:30.0135 5796 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

02:46:30.0138 5796 QWAVE - ok

02:46:30.0144 5796 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

02:46:30.0145 5796 QWAVEdrv - ok

02:46:30.0149 5796 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

02:46:30.0150 5796 RasAcd - ok

02:46:30.0156 5796 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

02:46:30.0157 5796 RasAgileVpn - ok

02:46:30.0164 5796 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

02:46:30.0166 5796 RasAuto - ok

02:46:30.0172 5796 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

02:46:30.0174 5796 Rasl2tp - ok

02:46:30.0185 5796 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll

02:46:30.0192 5796 RasMan - ok

02:46:30.0198 5796 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

02:46:30.0200 5796 RasPppoe - ok

02:46:30.0206 5796 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

02:46:30.0207 5796 RasSstp - ok

02:46:30.0217 5796 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

02:46:30.0220 5796 rdbss - ok

02:46:30.0225 5796 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

02:46:30.0226 5796 rdpbus - ok

02:46:30.0232 5796 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

02:46:30.0232 5796 RDPCDD - ok

02:46:30.0242 5796 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

02:46:30.0243 5796 RDPDR - ok

02:46:30.0249 5796 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

02:46:30.0249 5796 RDPENCDD - ok

02:46:30.0255 5796 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

02:46:30.0256 5796 RDPREFMP - ok

02:46:30.0267 5796 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

02:46:30.0268 5796 RdpVideoMiniport - ok

02:46:30.0277 5796 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

02:46:30.0279 5796 RDPWD - ok

02:46:30.0288 5796 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

02:46:30.0290 5796 rdyboost - ok

02:46:30.0297 5796 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

02:46:30.0299 5796 RemoteAccess - ok

02:46:30.0306 5796 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

02:46:30.0309 5796 RemoteRegistry - ok

02:46:30.0316 5796 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

02:46:30.0316 5796 RFCOMM - ok

02:46:30.0322 5796 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

02:46:30.0324 5796 RpcEptMapper - ok

02:46:30.0329 5796 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

02:46:30.0331 5796 RpcLocator - ok

02:46:30.0343 5796 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll

02:46:30.0346 5796 RpcSs - ok

02:46:30.0353 5796 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

02:46:30.0354 5796 rspndr - ok

02:46:30.0363 5796 [ E38B785802C666782D2880738D01AC10 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys

02:46:30.0365 5796 RTHDMIAzAudService - ok

02:46:30.0381 5796 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

02:46:30.0388 5796 RTL8167 - ok

02:46:30.0395 5796 [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys

02:46:30.0396 5796 s1018bus - ok

02:46:30.0401 5796 [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys

02:46:30.0402 5796 s1018mdfl - ok

02:46:30.0409 5796 [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm C:\Windows\system32\DRIVERS\s1018mdm.sys

02:46:30.0410 5796 s1018mdm - ok

02:46:30.0418 5796 [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt C:\Windows\system32\DRIVERS\s1018mgmt.sys

02:46:30.0418 5796 s1018mgmt - ok

02:46:30.0438 5796 [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5 C:\Windows\system32\DRIVERS\s1018nd5.sys

02:46:30.0438 5796 s1018nd5 - ok

02:46:30.0445 5796 [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex C:\Windows\system32\DRIVERS\s1018obex.sys

02:46:30.0446 5796 s1018obex - ok

02:46:30.0453 5796 [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic C:\Windows\system32\DRIVERS\s1018unic.sys

02:46:30.0454 5796 s1018unic - ok

02:46:30.0459 5796 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

02:46:30.0459 5796 s3cap - ok

02:46:30.0464 5796 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe

02:46:30.0465 5796 SamSs - ok

02:46:30.0471 5796 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

02:46:30.0472 5796 sbp2port - ok

02:46:30.0480 5796 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

02:46:30.0483 5796 SCardSvr - ok

02:46:30.0489 5796 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

02:46:30.0490 5796 scfilter - ok

02:46:30.0516 5796 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll

02:46:30.0526 5796 Schedule - ok

02:46:30.0532 5796 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll

02:46:30.0532 5796 SCPolicySvc - ok

02:46:30.0540 5796 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys

02:46:30.0540 5796 sdbus - ok

02:46:30.0550 5796 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll

02:46:30.0553 5796 SDRSVC - ok

02:46:30.0558 5796 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

02:46:30.0559 5796 secdrv - ok

02:46:30.0564 5796 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

02:46:30.0566 5796 seclogon - ok

02:46:30.0572 5796 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll

02:46:30.0574 5796 SENS - ok

02:46:30.0579 5796 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

02:46:30.0581 5796 SensrSvc - ok

02:46:30.0586 5796 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

02:46:30.0587 5796 Serenum - ok

02:46:30.0593 5796 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys

02:46:30.0594 5796 Serial - ok

02:46:30.0599 5796 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

02:46:30.0600 5796 sermouse - ok

02:46:30.0612 5796 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll

02:46:30.0615 5796 SessionEnv - ok

02:46:30.0619 5796 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

02:46:30.0620 5796 sffdisk - ok

02:46:30.0627 5796 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

02:46:30.0628 5796 sffp_mmc - ok

02:46:30.0632 5796 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

02:46:30.0633 5796 sffp_sd - ok

02:46:30.0638 5796 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

02:46:30.0639 5796 sfloppy - ok

02:46:30.0653 5796 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

02:46:30.0659 5796 SharedAccess - ok

02:46:30.0672 5796 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

02:46:30.0679 5796 ShellHWDetection - ok

02:46:30.0685 5796 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys

02:46:30.0686 5796 sisagp - ok

02:46:30.0691 5796 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

02:46:30.0692 5796 SiSRaid2 - ok

02:46:30.0700 5796 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

02:46:30.0701 5796 SiSRaid4 - ok

02:46:30.0712 5796 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

02:46:30.0715 5796 SkypeUpdate - ok

02:46:30.0721 5796 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

02:46:30.0722 5796 Smb - ok

02:46:30.0732 5796 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

02:46:30.0734 5796 SNMPTRAP - ok

02:46:30.0746 5796 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe

02:46:30.0748 5796 Sony PC Companion - ok

02:46:30.0753 5796 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

02:46:30.0754 5796 spldr - ok

02:46:30.0766 5796 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe

02:46:30.0773 5796 Spooler - ok

02:46:30.0843 5796 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe

02:46:30.0943 5796 sppsvc - ok

02:46:30.0951 5796 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll

02:46:30.0954 5796 sppuinotify - ok

02:46:30.0970 5796 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys

02:46:30.0975 5796 srv - ok

02:46:30.0987 5796 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

02:46:30.0992 5796 srv2 - ok

02:46:30.0999 5796 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

02:46:31.0001 5796 srvnet - ok

02:46:31.0009 5796 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

02:46:31.0012 5796 SSDPSRV - ok

02:46:31.0019 5796 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

02:46:31.0022 5796 SstpSvc - ok

02:46:31.0025 5796 Steam Client Service - ok

02:46:31.0031 5796 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

02:46:31.0032 5796 stexstor - ok

02:46:31.0048 5796 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll

02:46:31.0058 5796 StiSvc - ok

02:46:31.0099 5796 [ 36565318396A9D0A880687D1BB9C7F79 ] StkCMini C:\Windows\system32\Drivers\StkCMini.sys

02:46:31.0125 5796 StkCMini - ok

02:46:31.0142 5796 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

02:46:31.0143 5796 storflt - ok

02:46:31.0149 5796 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys

02:46:31.0150 5796 storvsc - ok

02:46:31.0155 5796 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys

02:46:31.0155 5796 swenum - ok

02:46:31.0167 5796 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

02:46:31.0172 5796 swprv - ok

02:46:31.0176 5796 Synth3dVsc - ok

02:46:31.0209 5796 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll

02:46:31.0233 5796 SysMain - ok

02:46:31.0241 5796 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

02:46:31.0243 5796 TabletInputService - ok

02:46:31.0254 5796 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll

02:46:31.0258 5796 TapiSrv - ok

02:46:31.0264 5796 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

02:46:31.0266 5796 TBS - ok

02:46:31.0298 5796 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

02:46:31.0324 5796 Tcpip - ok

02:46:31.0345 5796 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

02:46:31.0352 5796 TCPIP6 - ok

02:46:31.0360 5796 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

02:46:31.0361 5796 tcpipreg - ok

02:46:31.0367 5796 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

02:46:31.0368 5796 TDPIPE - ok

02:46:31.0373 5796 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

02:46:31.0374 5796 TDTCP - ok

02:46:31.0380 5796 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

02:46:31.0381 5796 tdx - ok

02:46:31.0386 5796 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys

02:46:31.0387 5796 TermDD - ok

02:46:31.0407 5796 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll

02:46:31.0414 5796 TermService - ok

02:46:31.0420 5796 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

02:46:31.0422 5796 Themes - ok

02:46:31.0427 5796 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

02:46:31.0429 5796 THREADORDER - ok

02:46:31.0435 5796 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

02:46:31.0437 5796 TrkWks - ok

02:46:31.0446 5796 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

02:46:31.0449 5796 TrustedInstaller - ok

02:46:31.0456 5796 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

02:46:31.0457 5796 tssecsrv - ok

02:46:31.0465 5796 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

02:46:31.0466 5796 TsUsbFlt - ok

02:46:31.0471 5796 tsusbhub - ok

02:46:31.0480 5796 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

02:46:31.0481 5796 tunnel - ok

02:46:31.0487 5796 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

02:46:31.0488 5796 uagp35 - ok

02:46:31.0498 5796 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys

02:46:31.0501 5796 udfs - ok

02:46:31.0510 5796 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

02:46:31.0512 5796 UI0Detect - ok

02:46:31.0519 5796 [ F13DA74969897359A88F2A739F54A250 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

02:46:31.0520 5796 UleadBurningHelper - ok

02:46:31.0526 5796 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

02:46:31.0527 5796 uliagpkx - ok

02:46:31.0533 5796 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys

02:46:31.0533 5796 umbus - ok

02:46:31.0549 5796 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

02:46:31.0550 5796 UmPass - ok

02:46:31.0559 5796 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll

02:46:31.0563 5796 UmRdpService - ok

02:46:31.0574 5796 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

02:46:31.0580 5796 upnphost - ok

02:46:31.0587 5796 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

02:46:31.0588 5796 usbaudio - ok

02:46:31.0594 5796 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

02:46:31.0595 5796 usbccgp - ok

02:46:31.0601 5796 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys

02:46:31.0602 5796 usbcir - ok

02:46:31.0608 5796 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys

02:46:31.0608 5796 usbehci - ok

02:46:31.0626 5796 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

02:46:31.0629 5796 usbhub - ok

02:46:31.0634 5796 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys

02:46:31.0634 5796 usbohci - ok

02:46:31.0639 5796 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

02:46:31.0641 5796 usbprint - ok

02:46:31.0647 5796 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

02:46:31.0648 5796 usbscan - ok

02:46:31.0654 5796 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

02:46:31.0655 5796 USBSTOR - ok

02:46:31.0660 5796 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

02:46:31.0661 5796 usbuhci - ok

02:46:31.0669 5796 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

02:46:31.0671 5796 usbvideo - ok

02:46:31.0686 5796 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

02:46:31.0688 5796 UxSms - ok

02:46:32.0752 5796 ================ Scan global ===============================

02:46:32.0758 5796 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

02:46:32.0767 5796 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

02:46:32.0775 5796 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

02:46:32.0782 5796 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

02:46:32.0793 5796 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

02:46:32.0797 5796 [Global] - ok

02:46:32.0797 5796 ================ Scan MBR ==================================

02:46:32.0800 5796 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

02:46:32.0982 5796 \Device\Harddisk0\DR0 - ok

02:46:32.0983 5796 ================ Scan VBR ==================================

02:46:32.0987 5796 [ B8042EF1543A4CCA334AB66449B35AA2 ] \Device\Harddisk0\DR0\Partition1

02:46:32.0990 5796 \Device\Harddisk0\DR0\Partition1 - ok

02:46:32.0996 5796 [ 4E739EAB68B1AB920257C0CF29CE96F5 ] \Device\Harddisk0\DR0\Partition2

02:46:32.0999 5796 \Device\Harddisk0\DR0\Partition2 - ok

02:46:33.0000 5796 ============================================================

02:46:33.0000 5796 Scan finished

02:46:33.0000 5796 ============================================================

02:46:33.0020 0244 Detected object count: 0

02:46:33.0020 0244 Actual detected object count: 0

RK report:

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Jose Luis Jr [Admin rights]

Mode : Scan -- Date : 09/09/2012 02:49:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5897 (\??\C:\Users\JOSELU~1\AppData\Local\Temp\5897.sys) -> FOUND

[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5897 (\??\C:\Users\JOSELU~1\AppData\Local\Temp\5897.sys) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST95005620AS ATA Device +++++

--- User ---

[MBR] b2c7958589ec20e1677b195f21c0b389

[BSP] a1f8a96e2b86c4ce5a6bac37af4a3526 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Nexus18 only. If you are a casual viewer, do NOT try this on your system!

If you are not Nexus18 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh!

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


The PC has been perfect. No hiccups or problems so far besides flash crashing and what not. But that has nothing to do with the virus, hahaha.

Rogue Killer Log:

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Jose Luis Jr [Admin rights]

Mode : Remove -- Date : 09/10/2012 00:34:30

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : -> KILLED [TermProc]

¤¤¤ Registry Entries : 19 ¤¤¤

[RUN][BLACKLIST DLL] HKCU\[...]\Run : Adobe (rundll32.exe "C:\Users\Jose Luis Jr\AppData\Local\Aeria Games\Adobe\kphzkv.dll",DllRegisterServerW) -> DELETED

[RUN][BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Adobe (rundll32.exe "C:\Users\Jose Luis Jr\AppData\Local\Aeria Games\Adobe\kphzkv.dll",DllRegisterServerW) -> DELETED

[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5897 (\??\C:\Users\JOSELU~1\AppData\Local\Temp\5897.sys) -> DELETED

[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5897 (\??\C:\Users\JOSELU~1\AppData\Local\Temp\5897.sys) -> DELETED

[TASK][RESIDU] ProgramDataUpdater : C:\Windows\System32\rundll32.exe -> DELETED

[TASK][RESIDU] Proxy : C:\Windows\System32\rundll32.exe -> DELETED

[TASK][RESIDU] SR : C:\Windows\System32\rundll32.exe -> DELETED

[TASK][RESIDU] IpAddressConflict1 : C:\Windows\System32\rundll32.exe -> DELETED

[TASK][RESIDU] IpAddressConflict2 : C:\Windows\System32\rundll32.exe -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST95005620AS ATA Device +++++

--- User ---

[MBR] b2c7958589ec20e1677b195f21c0b389

[BSP] a1f8a96e2b86c4ce5a6bac37af4a3526 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Rkill Log:

Rkill 2.3.10 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingc...opic308364.html

Program started at: 09/10/2012 12:37:26 AM in x86 mode.

Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.

Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.

Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.

Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.

Startup Type set to: Automatic

* COM+ Event System (MpsSvc) is not Running.

Startup Type set to: Automatic

* Network Connections (Netman) is not Running.

Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.

Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Manual

* Security Center (wscsvc) is not Running.

Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.

Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.

Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.

Startup Type set to: Manual

* NetBT (NetBT) is not Running.

Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.

Startup Type set to: System

* NetIO Legacy TDI Support Driver (tdx) is not Running.

Startup Type set to: System

* MpsSvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/10/2012 12:37:30 AM

Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

Combofix Log:

ComboFix 12-09-09.02 - Jose Luis Jr 09/10/2012 0:39.8.8 - x86 MINIMAL

Microsoft Windows 7 Alienware 2010 6.1.7601.1.1252.1.1033.18.3054.2008 [GMT -5:00]

Running from: c:\users\Jose Luis Jr\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))

.

.

2012-09-10 05:44 . 2012-09-10 05:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-09-10 05:44 . 2012-09-10 05:44 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-09-10 05:44 . 2012-09-10 05:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-09 09:03 . 2012-09-09 09:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2012-09-09 09:03 . 2012-09-09 09:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2012-09-09 09:03 . 2012-09-09 09:03 -------- d-----w- c:\program files\OpenAL

2012-09-09 07:41 . 2012-09-09 07:41 -------- d-----w- c:\program files\ERUNT

2012-09-08 07:35 . 2012-09-10 05:44 -------- d-----w- c:\users\Jose Luis Jr\AppData\Local\temp

2012-09-04 07:39 . 2012-09-04 07:39 -------- d-----w- c:\users\Jose Luis Jr\AppData\Local\{B62B5E6F-F663-11E1-8270-B8AC6F996F26}

2012-09-02 08:14 . 2012-09-02 08:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Macromedia

2012-09-02 08:13 . 2012-09-02 08:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla

2012-09-02 08:12 . 2012-09-02 08:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes

2012-09-02 08:10 . 2012-09-02 08:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Ulead Systems

2012-09-02 08:09 . 2012-09-02 08:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI

2012-09-02 08:09 . 2012-09-02 08:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI

2012-08-28 21:21 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F49460A-3E14-4533-B4AF-51E778F2628B}\mpengine.dll

2012-08-24 06:00 . 2012-08-24 06:00 -------- d-----w- c:\users\Jose Luis Jr\AppData\Local\NBGI

2012-08-17 08:01 . 2012-08-17 08:01 -------- d-----w- c:\windows\system32\Wat

2012-08-16 09:42 . 2012-08-21 04:32 -------- d-----w- c:\program files\Project64 1.6

2012-08-16 09:42 . 2012-08-16 09:42 40960 ----a-r- c:\users\Jose Luis Jr\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2012-08-16 09:42 . 2012-08-16 09:42 40960 ----a-r- c:\users\Jose Luis Jr\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2012-08-15 20:29 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 20:29 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 20:29 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-15 20:29 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll

2012-08-13 09:42 . 2012-08-13 09:42 -------- d-----w- c:\program files\Medieval Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 08:26 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-08-28 21:20 . 2012-04-21 05:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-28 21:20 . 2012-04-21 05:19 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 05:19 . 2009-07-13 23:42 20268032 ----a-w- c:\windows\system32\imageres.dll

2012-07-11 05:19 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll

2012-07-11 05:19 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll

2012-07-10 02:45 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-07-03 18:46 . 2012-06-23 05:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-08 16:13 . 2012-09-08 16:13 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-02_08.34.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-22 03:20 . 2012-09-08 08:28 29700 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2012-09-08 21:22 35074 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 04:50 . 2012-08-24 05:26 86016 c:\windows\System32\DriverStore\infpub.dat

+ 2009-07-14 04:50 . 2012-09-07 05:59 86016 c:\windows\System32\DriverStore\infpub.dat

+ 2012-09-08 05:38 . 2012-09-09 09:01 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-07-09 03:00 . 2012-09-08 05:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

- 2012-07-09 03:00 . 2012-08-31 17:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

- 2012-07-08 22:06 . 2012-09-02 07:53 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-07-08 22:06 . 2012-09-08 06:46 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2012-07-08 22:06 . 2012-08-31 19:26 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

+ 2012-07-08 22:06 . 2012-09-07 06:04 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

+ 2012-04-22 02:57 . 2012-09-08 21:22 9416 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-845778531-2913447589-3389831647-1000_UserData.bin

+ 2012-09-10 05:36 . 2012-09-10 05:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-09-02 08:32 . 2012-09-02 08:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-09-02 08:32 . 2012-09-02 08:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-09-10 05:36 . 2012-09-10 05:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-23 19:56 . 2012-09-08 05:37 240762 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2012-04-22 01:08 . 2012-09-10 01:21 275014 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 04:50 . 2012-09-07 05:59 143360 c:\windows\System32\DriverStore\infstrng.dat

- 2009-07-14 04:50 . 2012-08-24 05:26 143360 c:\windows\System32\DriverStore\infstrng.dat

+ 2009-07-14 04:50 . 2012-09-07 05:59 143360 c:\windows\System32\DriverStore\infstor.dat

- 2009-07-14 04:50 . 2012-08-21 09:20 143360 c:\windows\System32\DriverStore\infstor.dat

+ 2012-09-03 16:23 . 2012-09-03 16:23 851176 c:\windows\System32\DriverStore\FileRepository\sa0106adb.inf_x86_neutral_9393be47b75bf1c0\i386\WinUSBCoInstaller2.dll

+ 2012-04-22 02:46 . 2012-09-08 06:46 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-04-22 02:46 . 2012-09-02 07:53 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:47 . 2012-09-10 05:35 296824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-09-09 07:42 . 2005-10-20 17:02 163328 c:\windows\erdnt\9-9-2012\ERDNT.EXE

+ 2012-09-03 16:23 . 2012-09-03 16:23 1461992 c:\windows\System32\DriverStore\FileRepository\sa0106adb.inf_x86_neutral_9393be47b75bf1c0\i386\WdfCoInstaller01009.dll

- 2012-07-08 22:40 . 2012-09-02 08:08 7072148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-07-08 22:40 . 2012-09-07 06:11 7072148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-09-09 07:42 . 2012-09-09 07:42 2641920 c:\windows\erdnt\9-9-2012\Users\00000002\UsrClass.dat

+ 2012-09-09 07:42 . 2012-09-09 07:42 2654208 c:\windows\erdnt\9-9-2012\Users\00000001\NTUSER.DAT

- 2009-07-14 04:41 . 2012-09-02 08:24 16187392 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:41 . 2012-09-09 09:01 16187392 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-04-22 03:38 . 2012-09-10 05:35 10455620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-845778531-2913447589-3389831647-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2012-07-25 53896]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"Steam"="c:\program files\Steam\steam.exe" [2012-08-12 1353080]

"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]

"Akamai NetSession Interface"="c:\users\Jose Luis Jr\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2010-11-20 859648]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-04 8120864]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-05 102400]

"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-10-25 20895312]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-07-20 1403032]

.

c:\users\Jose Luis Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 40136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux6"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

.

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]

R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]

R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]

R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 21:20]

.

.

------- Supplementary Scan -------

.

uStart Page = www.rtwincustomize.net

uInternet Settings,ProxyOverride = <local>

IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{B2A6CA56-F312-4438-A660-D9BCEE99EAEA}: NameServer = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\

FF - prefs.js: network.proxy.type - 0

FF - user.js: extentions.y2layers.installId - 2b69f06d-e188-4180-a02c-65c8a38955e9

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-44601130.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-10 00:46:13

ComboFix-quarantined-files.txt 2012-09-10 05:46

ComboFix2.txt 2012-09-08 08:20

ComboFix3.txt 2012-09-08 07:35

ComboFix4.txt 2012-09-08 07:02

ComboFix5.txt 2012-09-10 05:38

.

Pre-Run: 211,439,927,296 bytes free

Post-Run: 211,515,371,520 bytes free

.

- - End Of File - - 0FBD59473830429EDFBAE8F5112C7E72


Look for this log, and Copy & Paste all the contents

C:\Qoobox\ComboFix-quarantined-files.txt

Had you run Combofix on your own before I started helping you?

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.dll /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    rundll32.exe
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    c:\windows|rundll32;true;true;true /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt


Yea I have had to use Combofix on previous occasions. Here is the log you were asking for:

2012-09-10 05:45:14 . 2012-09-10 05:45:14 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-44601130.sys.reg.dat

2012-09-04 07:56:16 . 2012-09-04 07:56:16 174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-esuier.reg.dat

2012-09-04 07:56:16 . 2012-09-04 07:56:16 178 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-rvcasv.reg.dat

2012-09-04 07:56:16 . 2012-09-04 07:56:16 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-XSECVA.reg.dat

2012-09-04 07:42:11 . 2012-09-04 07:42:11 2,066 ----a-w- C:\Qoobox\Quarantine\C\Users\Jose Luis Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk.vir

2012-09-04 07:42:11 . 2012-09-04 07:42:11 2,030 ----a-w- C:\Qoobox\Quarantine\C\Users\Jose Luis Jr\Desktop\Live Security Platinum.lnk.vir

2012-09-04 07:39:49 . 2012-09-04 07:39:52 1,584,128 ----a-w- C:\Qoobox\Quarantine\C\Users\Jose Luis Jr\AppData\Roaming\esuier.dll.vir

2012-09-04 07:38:11 . 2012-09-04 07:45:57 5,120 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\GAC\Desktop.ini.vir

2012-09-04 07:38:08 . 2012-09-04 07:38:08 72,704 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\n.vir

2012-09-04 07:38:08 . 2012-09-04 07:38:08 2,048 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\@.vir

2012-09-04 07:38:04 . 2012-09-04 07:38:04 72,704 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-845778531-2913447589-3389831647-1000\$f2089992f43978e2f9f3fce4ad6145b6\n.vir

2012-09-04 07:37:53 . 2012-09-04 07:37:53 158,208 ----a-w- C:\Qoobox\Quarantine\C\Users\Jose Luis Jr\AppData\Roaming\rvcasv.dll.vir

2012-09-04 07:37:49 . 2012-09-04 07:37:48 268,304 ----a-w- C:\Qoobox\Quarantine\C\Users\Jose Luis Jr\AppData\Roaming\xsecva\xsecva.exe.vir

2012-09-02 08:36:38 . 2012-09-02 08:36:38 1,426 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-UnityWebPlayer.reg.dat

2012-09-02 08:29:31 . 2012-09-02 08:29:31 1,168 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ncvet.reg.dat

2012-09-02 08:29:31 . 2012-09-02 08:29:31 74 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_6b510cb3c5b1e34c.reg.dat

2012-09-02 08:29:31 . 2012-09-02 08:29:31 1,054 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ncvet.dll.reg.dat

2012-09-02 08:29:31 . 2012-09-02 08:29:31 1,186 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_6b510cb3c5b1e34c.reg.dat

2012-09-02 08:28:19 . 2012-09-10 05:43:01 12,734 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-09-02 08:22:03 . 2012-09-10 05:39:25 1,124 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-09-02 08:08:14 . 2012-09-02 08:08:14 232,960 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\U\00000008.@.vir

2012-09-02 08:08:13 . 2012-09-02 08:08:13 93,184 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\U\80000032.@.vir

2012-09-02 08:08:12 . 2012-09-02 08:08:12 13,312 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\U\80000000.@.vir

2012-09-02 08:08:11 . 2012-09-02 08:08:11 804 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\L\00000004.@.vir

2012-09-02 08:08:11 . 2012-09-02 08:08:11 1,632 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\U\000000cb.@.vir

2012-09-02 08:08:11 . 2012-09-02 08:08:11 2,048 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\U\00000004.@.vir

2012-09-02 08:07:31 . 2012-09-02 08:07:31 21 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\L\201d3dde.vir

2012-09-02 06:32:00 . 2012-09-02 06:32:00 70,400 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\6b510cb3c5b1e34c.sys.vir

2012-09-02 06:31:29 . 2012-09-02 06:31:28 358,912 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{F40C7DAC-D40B-E334-2B81-C7480B64E20A}\syshost.exe.vir

2012-08-31 08:18:58 . 2012-09-02 08:01:56 2,048 ----a-w- C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-845778531-2913447589-3389831647-1000\$f2089992f43978e2f9f3fce4ad6145b6\@.vir

2012-07-16 08:33:30 . 2012-07-16 08:33:30 24,144 ----a-w- C:\Qoobox\Quarantine\C\Windows\temp\ncvet.dll.vir

2009-07-13 23:24:44 . 2012-05-21 17:25:58 811,520 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\user32.dll.vir

2009-07-13 20:31:02 . 2009-06-10 21:26:30 356,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\Fonts\monbaiti.ttf.vir

As for the OTL log:

It freezes after finishing the scan. Tried running it a second time without luck.


For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Alright! FRST scan finally done. Getting a USB was a pain but here it is.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2012 01

Ran by SYSTEM at 16-09-2012 01:59:34

Running from F:\

Windows 7 Ultimate (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut [859648 2010-11-20] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8120864 2009-12-03] (Realtek Semiconductor)

HKLM\...\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-04] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.)

HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)

HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [20895312 2010-10-25] ()

HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [Aeria Ignite] "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent [1403032 2012-07-19] (Aeria Games & Entertainment)

HKU\Jose Luis Jr\...\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup [53896 2012-07-25] (Raptr, Inc)

HKU\Jose Luis Jr\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)

HKU\Jose Luis Jr\...\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent [1353080 2012-08-12] (Valve Corporation)

HKU\Jose Luis Jr\...\Run: [sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [445624 2012-05-31] (Sony)

HKU\Jose Luis Jr\...\Run: [Akamai NetSession Interface] "C:\Users\Jose Luis Jr\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)

HKU\Jose Luis Jr\...\Run: [babylon] rundll32.exe "C:\Users\Jose Luis Jr\AppData\Local\Microsoft Games\Babylon\uhnlvpwm.dll",DllRegisterServerW [445952 2012-09-11] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{B2A6CA56-F312-4438-A660-D9BCEE99EAEA}: [NameServer]208.67.222.222,208.67.220.220

Startup: C:\Users\Jose Luis Jr\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services ================================

3 Bluetooth Device Manager; "C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe" [3511888 2010-10-25] (Motorola, Inc.)

3 Bluetooth Media Service; "C:\Program Files\Motorola\Bluetooth\audiosrv.exe" [901384 2010-07-15] (Motorola, Inc.)

2 Bluetooth OBEX Service; "C:\Program Files\Motorola\Bluetooth\obexsrv.exe" [508680 2010-07-16] (Motorola, Inc.)

2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

3 Sony PC Companion; "C:\Program Files\Sony\Sony PC Companion\PCCService.exe" [155320 2012-01-18] (Avanquest Software)

2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.)

==================== Drivers =================================

3 BTMCOM; C:\Windows\System32\Drivers\btmcom.sys [41344 2010-06-30] (Motorola, Inc.)

3 BTMUSB; C:\Windows\System32\Drivers\btmusb.sys [402432 2010-10-26] (Motorola, Inc.)

1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)

3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [95304 2011-11-10] (MotioninJoy)

3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [168480 2009-12-02] (Realtek Semiconductor Corp.)

3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)

3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)

3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)

3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)

3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)

3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)

3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)

3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1521544 2010-04-16] (Syntek)

3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)

3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [x]

3 catchme; \??\C:\Users\JOSELU~1\AppData\Local\Temp\catchme.sys [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) =================

============ One Month Created Files and Folders ==============

2012-09-13 06:13 - 2011-02-17 16:13 - 00125952 ____A C:\Windows\System32\ZLhp2600.DLL

2012-09-12 23:02 - 2012-09-12 23:02 - 00024915 ____A C:\Users\Jose Luis Jr\Documents\Is psychology science.odt

2012-09-12 07:42 - 2012-08-22 09:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-09-12 07:42 - 2012-08-22 09:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-09-12 07:42 - 2012-08-22 09:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-09-11 23:17 - 2012-09-11 23:17 - 00903552 ____A (Farbar) C:\Users\Jose Luis Jr\Downloads\FRST.exe

2012-09-11 22:44 - 2012-09-11 22:44 - 00013728 ____A C:\Users\Jose Luis Jr\Documents\Vlah.odt

2012-09-11 22:27 - 2012-09-11 22:27 - 00000245 ____A C:\Users\Jose Luis Jr\Desktop\acronyms.txt

2012-09-10 13:40 - 2012-09-10 13:40 - 00600064 ____A (OldTimer Tools) C:\Users\Jose Luis Jr\Downloads\OTL.exe

2012-09-09 21:46 - 2012-09-09 21:46 - 00017192 ____A C:\ComboFix.txt

2012-09-09 21:37 - 2012-09-09 21:37 - 00004798 ____A C:\Users\Jose Luis Jr\Desktop\Rkill.txt

2012-09-09 21:34 - 2012-09-09 21:34 - 00003044 ____A C:\Users\Jose Luis Jr\Desktop\RKreport[3].txt

2012-09-09 21:33 - 2012-09-09 21:33 - 00003304 ____A C:\Users\Jose Luis Jr\Desktop\RKreport[2].txt

2012-09-09 21:24 - 2012-09-09 21:24 - 04747716 ____R (Swearware) C:\Users\Jose Luis Jr\Desktop\ComboFix.exe

2012-09-09 21:23 - 2012-09-09 21:23 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Jose Luis Jr\Downloads\rkill.com

2012-09-09 20:28 - 2012-09-09 20:28 - 00025479 ____A C:\Users\Jose Luis Jr\Documents\Mass Communication.odt

2012-09-09 14:14 - 2012-09-09 14:14 - 00337278 ____A C:\Users\Jose Luis Jr\Documents\Economics Webquest Worksheet.odt

2012-09-09 01:03 - 2012-09-09 01:03 - 00444952 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll

2012-09-09 01:03 - 2012-09-09 01:03 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll

2012-09-09 01:03 - 2012-09-09 01:03 - 00000000 ____D C:\Program Files\OpenAL

2012-09-09 01:01 - 2012-09-09 01:01 - 00000216 ____A C:\Users\Jose Luis Jr\Desktop\ClaDun x2 Demo.url

2012-09-08 23:49 - 2012-09-08 23:49 - 00002148 ____A C:\Users\Jose Luis Jr\Desktop\RKreport[1].txt

2012-09-08 23:48 - 2012-09-09 21:33 - 00000000 ____D C:\Users\Jose Luis Jr\Desktop\RK_Quarantine

2012-09-08 23:47 - 2012-09-08 23:47 - 01378816 ____A C:\Users\Jose Luis Jr\Downloads\RogueKiller.exe

2012-09-08 23:47 - 2012-09-08 23:47 - 00068033 ____A C:\Users\Jose Luis Jr\Documents\TDSS.txt

2012-09-08 23:45 - 2012-09-08 23:45 - 00001299 ____A C:\Users\Jose Luis Jr\Documents\aswMBR.txt

2012-09-08 23:45 - 2012-09-08 23:45 - 00000512 ____A C:\Users\Jose Luis Jr\Documents\MBR.dat

2012-09-08 23:42 - 2012-09-08 23:43 - 04731392 ____A (AVAST Software) C:\Users\Jose Luis Jr\Downloads\aswMBR.exe

2012-09-08 23:41 - 2012-09-08 23:41 - 00791393 ____A (Lars Hederer ) C:\Users\Jose Luis Jr\Downloads\erunt-setup.exe

2012-09-08 23:41 - 2012-09-08 23:41 - 00000894 ____A C:\Users\Jose Luis Jr\Desktop\NTREGOPT.lnk

2012-09-08 23:41 - 2012-09-08 23:41 - 00000875 ____A C:\Users\Jose Luis Jr\Desktop\ERUNT.lnk

2012-09-08 23:41 - 2012-09-08 23:41 - 00000000 ____D C:\Program Files\ERUNT

2012-09-08 08:13 - 2012-09-08 13:20 - 00000000 ____D C:\Program Files\Mozilla Firefox

2012-09-08 00:24 - 2012-08-24 10:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Jose Luis Jr\Desktop\TDSSKiller.com.exe

2012-09-08 00:12 - 2012-09-08 00:12 - 04749820 ____R (Swearware) C:\Users\Jose Luis Jr\Downloads\ComboFix.exe

2012-09-08 00:04 - 2012-09-08 00:04 - 00607260 ____R (Swearware) C:\Users\Jose Luis Jr\Downloads\dds(1).com

2012-09-07 23:17 - 2012-09-07 23:17 - 00980480 ____A C:\Users\Jose Luis Jr\Downloads\MicrosoftFixit50267.msi

2012-09-07 23:07 - 2012-09-07 23:07 - 00144960 ____A C:\Windows\Minidump\090812-11809-01.dmp

2012-09-07 22:53 - 2012-09-07 22:53 - 00144960 ____A C:\Windows\Minidump\090812-14508-01.dmp

2012-09-07 22:50 - 2012-09-07 22:50 - 00144960 ____A C:\Windows\Minidump\090812-21434-01.dmp

2012-09-07 22:49 - 2012-09-07 22:49 - 00178692 ____A C:\Windows\System32\c_726590.nls

2012-09-04 01:30 - 2012-09-04 01:31 - 00000000 ____D C:\Users\Jose Luis Jr\Downloads\The Sufferer & The Witness

2012-09-04 00:57 - 2008-08-19 01:19 - 00000000 ____D C:\Users\Jose Luis Jr\Desktop\Sho_Sound_Rip

2012-09-04 00:53 - 2012-09-04 01:22 - 00435712 ____A C:\Users\Jose Luis Jr\Documents\TWEWY.thm

2012-09-04 00:03 - 2012-08-28 21:25 - 01175552 ____A (3DMGAME) C:\Users\Jose Luis Jr\Desktop\Dark Souls_Prepare To Die Edition v1.0 Plus 22 Trainer.exe

2012-09-03 23:39 - 2012-09-03 23:39 - 00000000 ____D C:\Users\Jose Luis Jr\AppData\Local\{B62B5E6F-F663-11E1-8270-B8AC6F996F26}

2012-09-03 23:39 - 2012-09-03 23:39 - 00000000 ____A C:\Users\Jose Luis Jr\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞÿ

2012-09-03 23:37 - 2012-09-03 23:37 - 00000012 ____A C:\Windows\srun.log

2012-09-03 23:25 - 2012-09-03 23:25 - 00000000 ____D C:\Users\Jose Luis Jr\Documents\FLiNGTrainer

2012-09-02 00:22 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-09-02 00:22 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-09-02 00:22 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-09-02 00:22 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-09-02 00:22 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-09-02 00:22 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-09-02 00:22 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-09-02 00:22 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-09-01 22:28 - 2012-09-01 22:28 - 00000010 ____A C:\Users\Jose Luis Jr\Documents\stuff.txt

2012-08-29 00:39 - 2009-06-16 15:03 - 00000000 ____D C:\Users\Jose Luis Jr\Desktop\2252_The_World_Ends_With_You_USA_NDS-SQUiRE

2012-08-28 01:46 - 2012-08-28 01:46 - 00032869 ____A C:\Users\Jose Luis Jr\AppData\Local\recently-used.xbel

2012-08-28 01:45 - 2012-08-28 01:45 - 01017769 ____A C:\Users\Jose Luis Jr\Documents\Akihiko2 mayonaka.xcf

2012-08-28 01:42 - 2012-08-28 01:42 - 00908363 ____A C:\Users\Jose Luis Jr\Documents\Akihiko2.xcf

2012-08-23 23:04 - 2012-08-23 23:04 - 00002866 ____A C:\Users\Jose Luis Jr\Documents\Invitation2.msrcIncident

2012-08-23 22:06 - 2012-08-23 22:06 - 00000000 ____D C:\Users\Jose Luis Jr\Documents\NBGI

2012-08-23 22:06 - 2012-08-23 22:06 - 00000000 ____D C:\Users\Jose Luis Jr\Documents\Games for Windows - LIVE Demos

2012-08-23 22:00 - 2012-08-23 22:00 - 00000000 ____D C:\Users\Jose Luis Jr\AppData\Local\NBGI

2012-08-23 20:52 - 2012-08-23 20:52 - 00000209 ____A C:\Users\Jose Luis Jr\Desktop\Dark Souls Prepare to Die Edition.url

2012-08-22 22:38 - 2012-08-22 22:38 - 32835859 ____A C:\Users\Jose Luis Jr\Desktop\Zelda 7.wma

2012-08-21 22:20 - 2012-08-21 22:20 - 28790369 ____A C:\Users\Jose Luis Jr\Desktop\Zelda 6.wma

2012-08-20 21:15 - 2012-08-20 21:15 - 28058499 ____A C:\Users\Jose Luis Jr\Desktop\Zelda 5.wma

2012-08-19 17:11 - 2012-08-19 17:26 - 990855214 ____A C:\Users\Jose Luis Jr\Downloads\Zelda_4.wav

2012-08-19 17:03 - 2012-08-19 17:03 - 67907249 ____A C:\Users\Jose Luis Jr\Desktop\Zelda 4.wma

2012-08-17 20:51 - 2012-08-17 20:51 - 00000000 ____D C:\Users\Jose Luis Jr\Downloads\FRAPS.v3.5.4

============ 3 Months Modified Files ========================

2012-09-15 22:57 - 2012-04-21 18:46 - 01707241 ____A C:\Windows\WindowsUpdate.log

2012-09-15 22:51 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-15 22:51 - 2009-07-13 20:39 - 00051007 ____A C:\Windows\setupact.log

2012-09-15 22:45 - 2012-04-21 18:36 - 00154224 ____A C:\Windows\System32\perfh011.dat

2012-09-15 22:45 - 2012-04-21 18:36 - 00041466 ____A C:\Windows\System32\perfc011.dat

2012-09-15 21:51 - 2012-04-20 21:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-14 10:50 - 2009-07-13 20:34 - 00009808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-14 10:50 - 2009-07-13 20:34 - 00009808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-13 00:00 - 2012-04-21 11:08 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-09-12 23:02 - 2012-09-12 23:02 - 00024915 ____A C:\Users\Jose Luis Jr\Documents\Is psychology science.odt

2012-09-11 23:17 - 2012-09-11 23:17 - 00903552 ____A (Farbar) C:\Users\Jose Luis Jr\Downloads\FRST.exe

2012-09-11 22:44 - 2012-09-11 22:44 - 00013728 ____A C:\Users\Jose Luis Jr\Documents\Vlah.odt

2012-09-11 22:27 - 2012-09-11 22:27 - 00000245 ____A C:\Users\Jose Luis Jr\Desktop\acronyms.txt

2012-09-11 10:37 - 2012-04-21 19:04 - 00811520 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll

2012-09-11 10:37 - 2012-04-21 19:03 - 00409088 ____A (Microsoft Corporation) C:\Windows\System32\systemcpl.dll

2012-09-11 10:37 - 2012-04-21 19:03 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll

2012-09-10 13:40 - 2012-09-10 13:40 - 00600064 ____A (OldTimer Tools) C:\Users\Jose Luis Jr\Downloads\OTL.exe

2012-09-10 06:38 - 2012-04-21 18:49 - 00977676 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-09 21:47 - 2012-04-20 21:33 - 00024480 ____A C:\Windows\PFRO.log

2012-09-09 21:46 - 2012-09-09 21:46 - 00017192 ____A C:\ComboFix.txt

2012-09-09 21:44 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini

2012-09-09 21:37 - 2012-09-09 21:37 - 00004798 ____A C:\Users\Jose Luis Jr\Desktop\Rkill.txt

2012-09-09 21:34 - 2012-09-09 21:34 - 00003044 ____A C:\Users\Jose Luis Jr\Desktop\RKreport[3].txt

2012-09-09 21:33 - 2012-09-09 21:33 - 00003304 ____A C:\Users\Jose Luis Jr\Desktop\RKreport[2].txt

2012-09-09 21:24 - 2012-09-09 21:24 - 04747716 ____R (Swearware) C:\Users\Jose Luis Jr\Desktop\ComboFix.exe

2012-09-09 21:23 - 2012-09-09 21:23 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Jose Luis Jr\Downloads\rkill.com

2012-09-09 20:28 - 2012-09-09 20:28 - 00025479 ____A C:\Users\Jose Luis Jr\Documents\Mass Communication.odt

2012-09-09 14:14 - 2012-09-09 14:14 - 00337278 ____A C:\Users\Jose Luis Jr\Documents\Economics Webquest Worksheet.odt

2012-09-09 01:03 - 2012-09-09 01:03 - 00444952 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll

2012-09-09 01:03 - 2012-09-09 01:03 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll

2012-09-09 01:01 - 2012-09-09 01:01 - 00000216 ____A C:\Users\Jose Luis Jr\Desktop\ClaDun x2 Demo.url

2012-09-08 23:49 - 2012-09-08 23:49 - 00002148 ____A C:\Users\Jose Luis Jr\Desktop\RKreport[1].txt

2012-09-08 23:47 - 2012-09-08 23:47 - 01378816 ____A C:\Users\Jose Luis Jr\Downloads\RogueKiller.exe

2012-09-08 23:47 - 2012-09-08 23:47 - 00068033 ____A C:\Users\Jose Luis Jr\Documents\TDSS.txt

2012-09-08 23:45 - 2012-09-08 23:45 - 00001299 ____A C:\Users\Jose Luis Jr\Documents\aswMBR.txt

2012-09-08 23:45 - 2012-09-08 23:45 - 00000512 ____A C:\Users\Jose Luis Jr\Documents\MBR.dat

2012-09-08 23:43 - 2012-09-08 23:42 - 04731392 ____A (AVAST Software) C:\Users\Jose Luis Jr\Downloads\aswMBR.exe

2012-09-08 23:41 - 2012-09-08 23:41 - 00791393 ____A (Lars Hederer ) C:\Users\Jose Luis Jr\Downloads\erunt-setup.exe

2012-09-08 23:41 - 2012-09-08 23:41 - 00000894 ____A C:\Users\Jose Luis Jr\Desktop\NTREGOPT.lnk

2012-09-08 23:41 - 2012-09-08 23:41 - 00000875 ____A C:\Users\Jose Luis Jr\Desktop\ERUNT.lnk

2012-09-08 00:26 - 2009-07-13 15:11 - 00445008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2012-09-08 00:12 - 2012-09-08 00:12 - 04749820 ____R (Swearware) C:\Users\Jose Luis Jr\Downloads\ComboFix.exe

2012-09-08 00:04 - 2012-09-08 00:04 - 00607260 ____R (Swearware) C:\Users\Jose Luis Jr\Downloads\dds(1).com

2012-09-07 23:17 - 2012-09-07 23:17 - 00980480 ____A C:\Users\Jose Luis Jr\Downloads\MicrosoftFixit50267.msi

2012-09-07 23:07 - 2012-09-07 23:07 - 00144960 ____A C:\Windows\Minidump\090812-11809-01.dmp

2012-09-07 23:07 - 2012-07-03 15:46 - 350930363 ____A C:\Windows\MEMORY.DMP

2012-09-07 22:53 - 2012-09-07 22:53 - 00144960 ____A C:\Windows\Minidump\090812-14508-01.dmp

2012-09-07 22:50 - 2012-09-07 22:50 - 00144960 ____A C:\Windows\Minidump\090812-21434-01.dmp

2012-09-07 22:49 - 2012-09-07 22:49 - 00178692 ____A C:\Windows\System32\c_726590.nls

2012-09-06 21:59 - 2012-05-03 22:56 - 00210712 ____A C:\Windows\DPINST.LOG

2012-09-04 01:22 - 2012-09-04 00:53 - 00435712 ____A C:\Users\Jose Luis Jr\Documents\TWEWY.thm

2012-09-03 23:39 - 2012-09-03 23:39 - 00000000 ____A C:\Users\Jose Luis Jr\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞÿ

2012-09-03 23:37 - 2012-09-03 23:37 - 00000012 ____A C:\Windows\srun.log

2012-09-02 00:21 - 2009-07-13 20:53 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-09-01 23:37 - 2012-06-22 21:54 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-01 22:28 - 2012-09-01 22:28 - 00000010 ____A C:\Users\Jose Luis Jr\Documents\stuff.txt

2012-08-28 21:25 - 2012-09-04 00:03 - 01175552 ____A (3DMGAME) C:\Users\Jose Luis Jr\Desktop\Dark Souls_Prepare To Die Edition v1.0 Plus 22 Trainer.exe

2012-08-28 13:20 - 2012-04-20 21:19 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-28 13:20 - 2012-04-20 21:19 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-08-28 01:46 - 2012-08-28 01:46 - 00032869 ____A C:\Users\Jose Luis Jr\AppData\Local\recently-used.xbel

2012-08-28 01:45 - 2012-08-28 01:45 - 01017769 ____A C:\Users\Jose Luis Jr\Documents\Akihiko2 mayonaka.xcf

2012-08-28 01:42 - 2012-08-28 01:42 - 00908363 ____A C:\Users\Jose Luis Jr\Documents\Akihiko2.xcf

2012-08-24 10:28 - 2012-09-08 00:24 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Jose Luis Jr\Desktop\TDSSKiller.com.exe

2012-08-23 23:04 - 2012-08-23 23:04 - 00002866 ____A C:\Users\Jose Luis Jr\Documents\Invitation2.msrcIncident

2012-08-23 22:59 - 2012-07-01 20:41 - 00002867 ____A C:\Users\Jose Luis Jr\Documents\Invitation.msrcIncident

2012-08-23 20:52 - 2012-08-23 20:52 - 00000209 ____A C:\Users\Jose Luis Jr\Desktop\Dark Souls Prepare to Die Edition.url

2012-08-22 22:38 - 2012-08-22 22:38 - 32835859 ____A C:\Users\Jose Luis Jr\Desktop\Zelda 7.wma

2012-08-22 09:16 - 2012-09-12 07:42 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 09:16 - 2012-09-12 07:42 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 09:16 - 2012-09-12 07:42 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-21 22:20 - 2012-08-21 22:20 - 28790369 ____A C:\Users\Jose Luis Jr\Desktop\Zelda 6.wma

2012-08-20 21:15 - 2012-08-20 21:15 - 28058499 ____A C:\Users\Jose Luis Jr\Desktop\Zelda 5.wma

2012-08-19 17:26 - 2012-08-19 17:11 - 990855214 ____A C:\Users\Jose Luis Jr\Downloads\Zelda_4.wav

2012-08-19 17:03 - 2012-08-19 17:03 - 67907249 ____A C:\Users\Jose Luis Jr\Desktop\Zelda 4.wma

2012-08-17 20:52 - 2012-04-25 18:24 - 00000562 ____A C:\Users\Jose Luis Jr\Desktop\Fraps.lnk

2012-08-17 20:47 - 2012-08-16 21:23 - 00005120 ____A C:\Users\Jose Luis Jr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-08-16 21:20 - 2012-08-16 21:20 - 00063349 ____A C:\Users\Jose Luis Jr\Desktop\dssfsds.wma

2012-08-16 05:12 - 2009-07-13 20:33 - 00323520 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-16 01:41 - 2012-08-16 01:41 - 02080797 ____A (Project64 ) C:\Users\Jose Luis Jr\Downloads\setup Project64 1.6.exe

2012-08-15 21:57 - 2012-05-03 22:56 - 00001972 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

2012-08-13 01:42 - 2012-08-13 01:42 - 00001200 ____A C:\Users\Public\Desktop\Medieval CUE Splitter.lnk

2012-08-13 01:41 - 2012-08-13 01:41 - 01235950 ____A (Medieval Software) C:\Users\Jose Luis Jr\Downloads\cuesplitter_setup.exe

2012-08-13 00:34 - 2012-08-12 23:15 - 141802193 ____A C:\Users\Jose Luis Jr\Downloads\The_Flashbulb_-_Arboreal__2010_.rar

2012-08-12 02:19 - 2012-07-09 18:32 - 00001945 ____A C:\Windows\epplauncher.mif

2012-08-07 00:09 - 2012-08-07 00:03 - 268435456 ____A C:\Users\Jose Luis Jr\Desktop\hk-ffc.nds

2012-08-03 06:32 - 2012-08-03 06:32 - 00010256 ____A C:\Users\Jose Luis Jr\Documents\Metal.xcf

2012-08-03 06:31 - 2012-08-03 06:31 - 00737280 ____A C:\Users\Jose Luis Jr\Documents\GG.thm

2012-08-03 05:39 - 2012-08-03 05:39 - 00580063 ____A C:\Users\Jose Luis Jr\Documents\rrrrrrnfdsvcds.xcf

2012-08-03 05:14 - 2012-08-03 05:14 - 00257508 ____A C:\Users\Jose Luis Jr\Documents\GG.xcf

2012-08-01 03:15 - 2012-08-01 03:05 - 44705442 ____A C:\Users\Jose Luis Jr\Downloads\BLAZBLUE_IN_L.A.VOCAL_EDITION.zip

2012-08-01 02:24 - 2012-08-01 02:24 - 01353232 ____A C:\Users\Jose Luis Jr\Downloads\Rainmeter-2.3.3.exe

2012-07-31 18:39 - 2012-04-21 18:46 - 00078480 ____A C:\Users\Jose Luis Jr\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-31 17:41 - 2012-07-31 17:41 - 00001126 ____A C:\Users\Public\Desktop\Camtasia Studio 7.lnk

2012-07-31 17:20 - 2012-07-31 17:20 - 12491398 ____A C:\Users\Jose Luis Jr\Documents\SOL.xcf

2012-07-28 23:06 - 2012-07-28 23:06 - 00067556 ____A C:\Users\Jose Luis Jr\Documents\Brett's music playlist.txt

2012-07-28 04:03 - 2012-07-28 04:03 - 00237312 ____A C:\Users\Jose Luis Jr\Downloads\ab 5 stars.m3u

2012-07-27 12:56 - 2012-07-27 12:56 - 01753904 ____A C:\Users\Jose Luis Jr\Downloads\NetPatchv20c.zip

2012-07-27 12:54 - 2012-07-27 12:44 - 601939735 ____A C:\Users\Jose Luis Jr\Downloads\ggxxreload.zip

2012-07-25 23:00 - 2012-07-25 23:00 - 00176318 ____A C:\Users\Jose Luis Jr\Documents\Akihiko.xcf

2012-07-25 15:04 - 2012-07-25 15:00 - 136441593 ____A C:\Users\Jose Luis Jr\Downloads\P4U_Complete_Character_Sprites.7z

2012-07-24 19:11 - 2012-06-30 21:31 - 00001986 ____A C:\Users\Public\Desktop\Aeria Ignite.lnk

2012-07-23 20:48 - 2012-07-23 07:13 - 00000095 ____A C:\Users\Jose Luis Jr\Documents\SMT build.txt

2012-07-18 09:47 - 2012-08-15 12:29 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-17 23:34 - 2012-07-17 04:25 - 00003975 ____A C:\Users\Jose Luis Jr\Documents\Fog_Mist tab.txt

2012-07-17 09:06 - 2012-07-17 09:06 - 00457061 ____A C:\Users\Jose Luis Jr\Desktop\Lol.quest-save

2012-07-17 07:38 - 2012-07-17 07:37 - 03059160 ____A (Axe Software) C:\Users\Jose Luis Jr\Downloads\quest520.exe

2012-07-17 07:37 - 2012-07-17 07:37 - 10254795 ____A C:\Users\Jose Luis Jr\Downloads\First Times.quest

2012-07-17 02:02 - 2012-07-17 02:02 - 27445671 ____A C:\Users\Jose Luis Jr\Downloads\Lobos - Persona 4 - Fog.flac

2012-07-16 00:31 - 2012-07-16 00:31 - 00001956 ____A C:\Users\Jose Luis Jr\Desktop\HunterBlade.lnk

2012-07-16 00:24 - 2012-07-15 22:42 - 1359577734 ____A C:\Users\Jose Luis Jr\Downloads\HunterBlade0.050426_EN.exe

2012-07-14 23:21 - 2012-07-14 23:20 - 72106372 ____A ( ) C:\Users\Jose Luis Jr\Downloads\iwbtgbeta(fs).exe

2012-07-14 22:39 - 2012-07-14 22:35 - 00000341 ____A C:\Users\Jose Luis Jr\Downloads\save1.sav

2012-07-14 22:35 - 2012-07-14 22:34 - 00000558 ____A C:\Users\Jose Luis Jr\Downloads\config.ini

2012-07-14 22:35 - 2012-07-14 22:34 - 00000117 ____A C:\Users\Jose Luis Jr\Downloads\trophy.sav

2012-07-14 22:34 - 2012-07-14 22:33 - 45351936 ____A C:\Users\Jose Luis Jr\Downloads\iwbtgg.exe

2012-07-14 22:14 - 2012-07-14 22:14 - 00458752 ____A C:\Users\Jose Luis Jr\Desktop\Persona.thm

2012-07-14 22:07 - 2012-07-14 22:06 - 00527423 ____A ( ) C:\Users\Jose Luis Jr\Downloads\Lame_v3.99.3_for_Windows.exe

2012-07-14 22:06 - 2012-07-14 22:06 - 00002556 ____A C:\Users\Jose Luis Jr\Desktop\Ringtone.aup

2012-07-13 22:47 - 2012-07-13 22:47 - 00684680 ____A C:\Windows\Minidump\071412-33399-01.dmp

2012-07-13 22:43 - 2012-07-13 22:41 - 113632264 ____A (Advanced Micro Devices, Inc.) C:\Users\Jose Luis Jr\Documents\12-6_mobility_vista_win7_32_dd_ccc.exe

2012-07-13 22:39 - 2012-07-13 22:39 - 00792704 ____A (AMD) C:\Users\Jose Luis Jr\Downloads\amddriverdownloader.exe

2012-07-12 14:33 - 2012-07-12 14:33 - 00591840 ____A (Unity Technologies ApS) C:\Users\Jose Luis Jr\Downloads\UnityWebPlayer.exe

2012-07-11 15:05 - 2012-07-11 15:05 - 00060928 ____A C:\Users\Jose Luis Jr\Documents\Blood Sin.thm

2012-07-10 21:19 - 2009-07-13 15:42 - 20268032 ____A (Microsoft Corporation) C:\Windows\System32\imageres.dll

2012-07-10 21:19 - 2009-07-13 15:40 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll

2012-07-10 21:19 - 2009-07-13 15:39 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll

2012-07-10 16:40 - 2012-07-10 16:39 - 03255248 ____A (Javacool Software LLC ) C:\Users\Jose Luis Jr\Downloads\spywareblastersetup46(1).exe

2012-07-10 16:37 - 2012-07-10 16:37 - 03255248 ____A (Javacool Software LLC ) C:\Users\Jose Luis Jr\Downloads\spywareblastersetup46.exe

2012-07-09 18:45 - 2009-07-13 18:05 - 00152576 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll

2012-07-09 18:34 - 2012-07-09 18:34 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2012-07-09 18:34 - 2012-07-09 18:34 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2012-07-09 18:23 - 2012-07-09 18:23 - 00894448 ____A (Oracle Corporation) C:\Users\Jose Luis Jr\Downloads\jxpiinstall.exe

2012-07-09 18:21 - 2012-07-09 18:21 - 00001863 ____A C:\Users\Public\Desktop\Defraggler.lnk

2012-07-09 18:20 - 2012-07-09 18:20 - 03594744 ____A (Piriform Ltd) C:\Users\Jose Luis Jr\Downloads\dfsetup210.exe

2012-07-09 18:15 - 2012-07-09 18:15 - 00448512 ____A (OldTimer Tools) C:\Users\Jose Luis Jr\Downloads\TFC.exe

2012-07-09 17:48 - 2012-07-09 17:48 - 00881475 ____A C:\Users\Jose Luis Jr\Downloads\SecurityCheck.exe

2012-07-09 16:40 - 2012-07-09 16:40 - 00014683 ____A C:\Users\Jose Luis Jr\Desktop\Combofix.txt

2012-07-09 16:20 - 2012-07-09 16:19 - 00452386 ____A C:\Users\Jose Luis Jr\Desktop\Files.zip

2012-07-09 15:51 - 2012-07-09 15:51 - 00017703 ____A C:\Users\Jose Luis Jr\Documents\Combofix.txt

2012-07-09 15:23 - 2012-07-09 15:23 - 04040432 ____A (Inbox.Com ) C:\Users\Jose Luis Jr\Downloads\InboxEmailNotifierSetup.exe

2012-07-09 15:22 - 2012-07-09 15:22 - 00016665 ____A C:\Users\Jose Luis Jr\Documents\DDS.txt

2012-07-09 15:22 - 2012-07-09 15:22 - 00007221 ____A C:\Users\Jose Luis Jr\Documents\Attach.txt

2012-07-09 15:10 - 2012-07-09 15:10 - 00607260 ____R (Swearware) C:\Users\Jose Luis Jr\Downloads\dds.com

2012-07-09 14:41 - 2012-07-09 14:41 - 00001013 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk

2012-07-09 14:40 - 2012-07-09 14:40 - 00167034 ____A C:\Users\Jose Luis Jr\Downloads\fa-setup.exe

2012-07-09 14:35 - 2012-07-09 14:35 - 01571162 ____A C:\Windows\System32\Drivers\Cat.DB

2012-07-09 14:34 - 2012-07-09 14:34 - 04166136 ____A (PC Tools) C:\Users\Jose Luis Jr\Downloads\spdoc.exe

2012-07-08 21:30 - 2012-07-08 21:30 - 00000164 ____A C:\Users\Jose Luis Jr\Downloads\cfscript.txt

2012-07-08 21:20 - 2012-07-08 21:20 - 00049152 ____A (Kelly's Korner) C:\Users\Jose Luis Jr\Downloads\ClearRecent.Exe

2012-07-07 04:23 - 2012-07-07 04:23 - 04503334 ____A C:\Users\Jose Luis Jr\Documents\404.xcf

2012-07-07 01:49 - 2012-07-07 01:49 - 03085119 ____A C:\Users\Jose Luis Jr\Desktop\Un3titled.wma

2012-07-07 00:58 - 2012-07-03 15:48 - 00000085 ___SH C:\Users\All Users\.zreglib

2012-07-05 20:39 - 2012-05-11 16:27 - 00000024 ____A C:\Users\Jose Luis Jr\random.dat

2012-07-05 20:20 - 2012-05-11 16:27 - 00000051 ____A C:\Users\Jose Luis Jr\jagex_cl_runescape_LIVE.dat

2012-07-04 13:16 - 2012-08-15 12:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 13:14 - 2012-08-15 12:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 13:14 - 2012-08-15 12:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-03 15:48 - 2012-07-03 15:48 - 05185720 ____A C:\Users\Jose Luis Jr\Downloads\SetupCloneDVD2930Slysoft.exe

2012-07-03 15:48 - 2012-07-03 15:48 - 00001157 ____A C:\Users\Public\Desktop\CloneDVD2.lnk

2012-07-03 15:46 - 2012-07-03 15:46 - 00144912 ____A C:\Windows\Minidump\070312-15646-01.dmp

2012-07-03 12:56 - 2012-07-03 12:56 - 00000965 ____A C:\Users\Public\Desktop\Inkscape.lnk

2012-07-03 12:50 - 2012-07-03 12:50 - 00010763 ____A C:\Users\Jose Luis Jr\Downloads\OTC.svg

2012-07-03 12:47 - 2012-07-03 12:44 - 35746429 ____A (inkscape.org) C:\Users\Jose Luis Jr\Downloads\Inkscape-0.48.2-1-win32.exe

2012-07-03 10:46 - 2012-06-22 21:54 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-01 20:36 - 2012-07-01 20:36 - 00000000 ___AH C:\Users\Jose Luis Jr\Documents\Default.rdp

2012-07-01 14:38 - 2012-07-01 14:38 - 00582170 ____A C:\Users\Jose Luis Jr\Downloads\technic-launcher-latest.jar

2012-07-01 14:35 - 2012-07-01 14:35 - 00052736 ____A (Technic) C:\Users\Jose Luis Jr\Downloads\TechnicLauncher.exe

2012-06-30 21:30 - 2012-06-30 21:30 - 03407664 ____A (Aeria Games & Entertainment) C:\Users\Jose Luis Jr\Downloads\aeria_ignite_install.exe

2012-06-29 14:13 - 2012-06-29 14:13 - 00001815 ____A C:\Users\Public\Desktop\EpicBot.lnk

2012-06-28 16:52 - 2012-08-16 00:00 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 16:27 - 2012-08-16 00:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 16:16 - 2012-08-16 00:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 16:09 - 2012-08-16 00:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 16:09 - 2012-08-16 00:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 16:08 - 2012-08-16 00:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 16:07 - 2012-08-16 00:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 16:06 - 2012-08-16 00:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 16:04 - 2012-08-16 00:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 16:04 - 2012-08-16 00:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 16:01 - 2012-08-16 00:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 16:01 - 2012-08-16 00:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 16:00 - 2012-08-16 00:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 15:57 - 2012-08-16 00:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-26 14:51 - 2012-06-26 14:40 - 00907255 ____A C:\Users\Jose Luis Jr\Documents\Menu.xcf

2012-06-26 14:06 - 2012-06-26 14:06 - 00010240 ____A C:\Users\Jose Luis Jr\Desktop\bebidas.xls

2012-06-26 13:50 - 2012-06-26 13:50 - 00001126 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk

2012-06-26 13:42 - 2012-06-26 13:42 - 151801119 ____A C:\Users\Jose Luis Jr\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe

2012-06-24 17:44 - 2012-06-24 17:44 - 00000052 ____A C:\Users\Jose Luis Jr\jagex_cl_runescape_LIVE1.dat

2012-06-24 17:44 - 2012-06-24 17:43 - 00725696 ____A C:\Users\Jose Luis Jr\Downloads\RSBot-4018.jar

2012-06-24 17:21 - 2012-06-24 17:21 - 00002063 ____A C:\Users\Public\Desktop\Street Fighter X Tekken.lnk

2012-06-22 22:47 - 2012-06-22 22:47 - 29728050 ____A C:\Users\Jose Luis Jr\Documents\Blood-sin.xcf

2012-06-22 21:53 - 2012-06-22 21:53 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Jose Luis Jr\Downloads\mbam-setup-1.61.0.1400.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-06 21:58:56

Restore point made on: 2012-09-10 13:47:22

Restore point made on: 2012-09-10 20:16:05

Restore point made on: 2012-09-11 10:18:47

Restore point made on: 2012-09-11 10:37:32

Restore point made on: 2012-09-13 00:00:29

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 4078.05 MB

Available physical RAM: 3551.65 MB

Total Pagefile: 4076.32 MB

Available Pagefile: 3554.44 MB

Total Virtual: 2047.88 MB

Available Virtual: 1960.48 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:199.2 GB) NTFS

3 Drive f: (USB20FD) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3823 MB 564 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F USB20FD FAT32 Removable 3823 MB Healthy

==================================================================================

Last Boot: 2012-09-06 03:27

==================== End Of Log =============================


Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Here we go!

After the restart it gave me an error with failed to initiate ...Microsoft Games\Babylon\uhnlvpwm.dll, which maybe means it's somewhere in the registry still? But the file is gone, so it can't start up anymore.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2012 01

Ran by SYSTEM at 2012-09-16 09:16:25 Run:1

Running from F:\

==============================================

C:\Users\Jose Luis Jr\AppData\Local\Microsoft Games\Babylon\uhnlvpwm.dll moved successfully.

==== End of Fixlog ====


Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.dll /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    rundll32.exe
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    c:\windows|rundll32;true;true;true /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt


OTL log:

OTL logfile created on: 9/16/2012 9:55:16 AM - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Jose Luis Jr\Downloads

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 69.14% Memory free

5.96 Gb Paging File | 4.77 Gb Available in Paging File | 80.05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.66 Gb Total Space | 195.34 Gb Free Space | 41.95% Space Free | Partition Type: NTFS

Computer Name: JOSELUISJR-PC | User Name: Jose Luis Jr | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/10 16:40:10 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Jose Luis Jr\Downloads\OTL.exe

PRC - [2012/09/08 00:50:47 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2012/08/12 05:29:35 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe

PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jose Luis Jr\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/07/25 18:15:46 | 000,067,720 | ---- | M] (Raptr, Inc) -- C:\Program Files\Raptr\raptr.exe

PRC - [2012/07/25 18:15:46 | 000,044,680 | ---- | M] (Raptr, Inc) -- C:\Program Files\Raptr\raptr_im.exe

PRC - [2012/07/19 23:37:03 | 001,403,032 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 07:21:44 | 000,040,136 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe

PRC - [2012/06/12 13:28:16 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2012/06/11 12:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2012/06/11 12:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2012/05/31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe

PRC - [2012/04/30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe

PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/11/20 07:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

PRC - [2010/10/25 16:45:32 | 003,511,888 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe

PRC - [2010/07/16 14:07:54 | 000,508,680 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe

PRC - [2010/07/15 12:22:36 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe

PRC - [2010/07/15 12:22:24 | 000,901,384 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe

PRC - [2006/09/28 04:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/08 00:50:47 | 020,317,008 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2012/09/08 00:50:44 | 000,902,480 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2012/09/08 00:50:42 | 000,123,232 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll

MOD - [2012/09/08 00:50:40 | 000,190,816 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll

MOD - [2012/09/08 00:50:38 | 001,099,616 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2012/07/11 16:33:42 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012/07/11 16:33:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/07/11 16:33:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/07/11 16:33:02 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/07/11 16:32:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/07/11 16:32:34 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/07/11 16:32:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/07/09 22:08:33 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll

MOD - [2012/07/09 22:08:33 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll

MOD - [2012/07/09 22:08:32 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll

MOD - [2012/07/09 22:08:30 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll

MOD - [2012/07/09 22:07:53 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll

MOD - [2012/07/09 21:28:19 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll

MOD - [2012/07/09 21:28:07 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll

MOD - [2012/07/09 21:28:06 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll

MOD - [2012/07/09 21:28:04 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll

MOD - [2012/07/09 21:27:59 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll

MOD - [2012/07/09 21:27:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll

MOD - [2012/07/09 21:27:54 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll

MOD - [2012/07/09 21:27:53 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll

MOD - [2012/07/09 21:27:53 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll

MOD - [2012/07/09 21:27:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll

MOD - [2012/07/09 21:27:50 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll

MOD - [2012/07/09 21:26:39 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll

MOD - [2012/07/03 07:21:44 | 000,040,136 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe

MOD - [2012/07/03 07:21:42 | 000,627,400 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll

MOD - [2012/07/03 07:18:16 | 000,046,592 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll

MOD - [2012/06/22 16:59:52 | 000,313,856 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtWebKit.pyd

MOD - [2012/06/22 16:55:58 | 000,494,592 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtNetwork.pyd

MOD - [2012/06/22 16:53:22 | 005,812,736 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtGui.pyd

MOD - [2012/06/22 16:39:06 | 001,662,464 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtCore.pyd

MOD - [2012/06/22 16:24:28 | 000,067,584 | ---- | M] () -- C:\Program Files\Raptr\sip.pyd

MOD - [2012/05/24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll

MOD - [2012/04/30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe

MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll

MOD - [2012/04/21 22:14:37 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3776.37403__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2012/04/21 22:14:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3776.37390__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2012/04/21 22:14:35 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3776.37392__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2012/04/21 22:14:35 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3776.37392__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2012/04/21 22:14:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3776.37509__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2012/04/21 22:14:35 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2012/04/21 22:14:35 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3776.37395__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2012/04/21 22:14:35 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3776.37402__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2012/04/21 22:14:34 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3776.37395__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2012/04/21 22:14:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3776.37391__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2012/04/21 22:14:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2012/04/21 22:14:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3776.37519__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2012/04/21 22:14:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3776.37504__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2012/04/21 22:14:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2012/04/21 22:14:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3776.37394__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2012/04/21 22:14:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2012/04/21 22:14:34 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2012/04/21 22:14:34 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3776.37401__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2012/04/21 22:14:34 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2012/04/21 22:14:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3776.37396__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2012/04/21 22:14:33 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3776.37409__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2012/04/21 22:14:33 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3776.37499__90ba9c70f846762e\CLI.Component.Systemtray.dll

MOD - [2012/04/21 22:14:33 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3776.37420__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2012/04/21 22:14:33 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3776.37505__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2012/04/21 22:14:33 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3776.37502__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2012/04/21 22:14:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3776.37400__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2012/04/21 22:14:33 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3776.37401__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2012/04/21 22:14:33 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3776.37397__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2012/04/21 22:14:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3776.37396__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2012/04/21 22:14:33 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3776.37394__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2012/04/21 22:14:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3776.37395__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2012/04/21 22:14:33 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3776.37419__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2012/04/21 22:14:33 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3776.37407__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2012/04/21 22:14:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3776.37398__90ba9c70f846762e\AEM.Server.dll

MOD - [2012/04/21 22:14:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3776.37406__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2012/04/21 22:14:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2012/04/21 22:14:32 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3776.37504__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2012/03/20 15:17:16 | 000,585,728 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll

MOD - [2011/11/20 21:20:46 | 001,949,696 | ---- | M] () -- C:\Program Files\Raptr\libtorrent.pyd

MOD - [2011/10/24 13:49:56 | 002,717,595 | ---- | M] () -- C:\Program Files\Raptr\heliotrope._purple.pyd

MOD - [2011/09/08 18:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files\Raptr\liboscar.dll

MOD - [2011/09/08 18:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files\Raptr\libjabber.dll

MOD - [2011/09/08 18:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files\Raptr\libymsg.dll

MOD - [2011/09/08 18:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files\Raptr\plugins\libaim.dll

MOD - [2011/09/08 18:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files\Raptr\plugins\libicq.dll

MOD - [2011/09/08 18:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files\Raptr\plugins\libirc.dll

MOD - [2011/09/08 18:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files\Raptr\plugins\ssl-nss.dll

MOD - [2011/09/08 18:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files\Raptr\plugins\libyahoojp.dll

MOD - [2011/09/08 18:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files\Raptr\plugins\ssl.dll

MOD - [2011/09/08 18:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files\Raptr\plugins\libmsn.dll

MOD - [2011/09/08 18:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files\Raptr\plugins\libxmpp.dll

MOD - [2011/09/08 18:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files\Raptr\plugins\libyahoo.dll

MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll

MOD - [2011/02/15 13:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files\Raptr\libxml2-2.dll

MOD - [2011/02/15 13:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files\Raptr\sqlite3.dll

MOD - [2010/11/22 18:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files\Raptr\zlib1.dll

MOD - [2010/11/22 17:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files\Raptr\win32gui.pyd

MOD - [2010/11/22 17:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files\Raptr\win32file.pyd

MOD - [2010/11/22 17:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files\Raptr\win32api.pyd

MOD - [2010/11/22 17:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files\Raptr\win32process.pyd

MOD - [2010/11/22 17:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files\Raptr\gobject._gobject.pyd

MOD - [2010/11/22 17:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files\Raptr\win32com.shell.shell.pyd

MOD - [2010/11/22 17:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files\Raptr\pythoncom26.dll

MOD - [2010/11/22 17:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files\Raptr\pywintypes26.dll

MOD - [2010/11/22 17:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files\Raptr\PIL._imaging.pyd

MOD - [2010/11/22 17:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files\Raptr\_ssl.pyd

MOD - [2010/11/22 17:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files\Raptr\unicodedata.pyd

MOD - [2010/11/22 17:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files\Raptr\_hashlib.pyd

MOD - [2010/11/22 17:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files\Raptr\pyexpat.pyd

MOD - [2010/11/22 17:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files\Raptr\_ctypes.pyd

MOD - [2010/11/22 17:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files\Raptr\_sqlite3.pyd

MOD - [2010/11/22 17:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files\Raptr\_socket.pyd

MOD - [2010/11/22 17:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files\Raptr\winsound.pyd

MOD - [2010/10/25 16:45:46 | 020,895,312 | ---- | M] () -- C:\Program Files\Motorola\Bluetooth\btmshell.dll

MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll

========== Services (SafeList) ==========

SRV - [2012/09/08 11:13:19 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/09/08 00:50:47 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/08/28 16:20:22 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/12 13:28:16 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/06/11 12:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

SRV - [2010/10/25 16:45:32 | 003,511,888 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)

SRV - [2010/07/16 14:07:54 | 000,508,680 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2010/07/15 12:22:24 | 000,901,384 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/09/28 04:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOSELU~1\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btmaud.sys -- (btmaudio)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/06/11 13:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2012/06/11 11:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2012/05/04 02:11:24 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2012/05/04 02:11:24 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)

DRV - [2011/12/14 21:11:00 | 000,007,168 | ---- | M] (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) [Kernel | System | Running] -- C:\Windows\System32\drivers\dhahelper.sys -- (DhaHelper)

DRV - [2011/11/10 18:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV - [2011/07/23 21:22:12 | 000,042,592 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/10/26 18:59:36 | 000,402,432 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)

DRV - [2010/06/30 12:02:08 | 000,041,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)

DRV - [2010/05/26 17:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2010/04/16 13:59:44 | 001,521,544 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)

DRV - [2010/04/08 16:11:58 | 000,108,048 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2009/12/02 15:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)

DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)

DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)

DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)

DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)

DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)

DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)

DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.rtwincustomize.net

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00

FF - prefs.js..extensions.enabledAddons: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:7.0.3.5

FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827

FF - prefs.js..extensions.enabledAddons: {f69e22c7-bc50-414a-9269-0f5c344cd94c}:6.1

FF - prefs.js..extensions.enabledAddons: {B62B5E6F-F663-11E1-8270-B8AC6F996F26}:2.0.14

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jose Luis Jr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Inbox\firefox\ [2012/07/09 18:23:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/08 11:13:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/08 11:13:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B62B5E6F-F663-11E1-8270-B8AC6F996F26}: C:\Users\Jose Luis Jr\AppData\Local\{B62B5E6F-F663-11E1-8270-B8AC6F996F26}\ [2012/09/04 02:39:53 | 000,000,000 | ---D | M]

[2012/04/21 22:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Extensions

[2012/09/12 00:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions

[2012/04/20 23:23:37 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

[2012/05/03 20:03:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions\plugin@yontoo.com

[2012/09/12 00:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions

[2012/06/26 18:39:03 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

[2012/09/02 01:30:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012/08/02 22:51:07 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}

[2012/05/03 20:03:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\plugin@yontoo.com

[2009/07/13 18:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions\myyqhhsjeg@myyqhhsjeg.org.xpi

[2009/07/13 18:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\myyqhhsjeg@myyqhhsjeg.org.xpi

[2012/08/29 16:48:48 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

[2012/09/08 11:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/09/04 02:39:53 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JOSE LUIS JR\APPDATA\LOCAL\{B62B5E6F-F663-11E1-8270-B8AC6F996F26}

[2012/09/08 11:13:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/09/02 01:30:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2007/08/07 10:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

[2012/09/02 01:30:09 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/08 02:33:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)

O4 - HKLM..\Run: [bTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)

O4 - HKLM..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jose Luis Jr\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [babylon] rundll32.exe "C:\Users\Jose Luis Jr\AppData\Local\Microsoft Games\Babylon\uhnlvpwm.dll",DllRegisterServerW File not found

O4 - HKCU..\Run: [Raptr] C:\Program Files\Raptr\raptrstub.exe (Raptr, Inc)

O4 - HKCU..\Run: [sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Jose Luis Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2A6CA56-F312-4438-A660-D9BCEE99EAEA}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2A6CA56-F312-4438-A660-D9BCEE99EAEA}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0A9B329C-A4E9-DF6C-EB70-16D135B7A91F} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework

ActiveX: {2689EF17-5886-C236-D25A-777DC238A0AE} - Java (Sun)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4EF3C31F-373B-A544-0649-691F272614FD} - Microsoft Windows Media Player

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)

Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 08:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools

[2012/09/16 08:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TI Shared

[2012/09/16 08:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education

[2012/09/16 08:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2012/09/16 07:54:01 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\.ticables

[2012/09/16 07:52:26 | 000,007,168 | ---- | C] (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) -- C:\Windows\System32\drivers\dhahelper.sys

[2012/09/16 07:52:25 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0_x86.dll

[2012/09/16 07:52:25 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll

[2012/09/16 07:52:25 | 000,042,592 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys

[2012/09/16 07:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\TiLP

[2012/09/16 07:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gtk+

[2012/09/16 07:51:58 | 000,000,000 | ---D | C] -- C:\GTK

[2012/09/16 07:00:47 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\Desktop\Calculator

[2012/09/16 06:53:49 | 000,049,536 | ---- | C] (Texas Instruments Incorporated) -- C:\Windows\System32\drivers\tiehdusb.sys

[2012/09/16 06:53:49 | 000,021,456 | ---- | C] (Texas Instruments Incorporated) -- C:\Windows\System32\drivers\SilvrLnk.sys

[2012/09/16 06:53:29 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\Documents\MyTIData

[2012/09/16 04:59:30 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/16 03:48:38 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\AppData\Local\SplitMediaLabs

[2012/09/16 03:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit

[2012/09/16 03:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs

[2012/09/16 03:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\SplitMediaLabs

[2012/09/16 03:47:43 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\AppData\Roaming\SplitMediaLabs

[2012/09/12 10:42:57 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2012/09/12 10:42:57 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2012/09/10 00:46:14 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/09/10 00:45:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/09/10 00:24:45 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\Jose Luis Jr\Desktop\ComboFix.exe

[2012/09/09 04:03:54 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll

[2012/09/09 04:03:54 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll

[2012/09/09 04:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL

[2012/09/09 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\Desktop\RK_Quarantine

[2012/09/09 02:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/09/09 02:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/09/08 11:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/09/08 03:24:38 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jose Luis Jr\Desktop\TDSSKiller.com.exe

[2012/09/08 02:35:32 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\AppData\Local\temp

[2012/09/04 03:57:36 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\Desktop\Sho_Sound_Rip

[2012/09/04 03:03:46 | 001,175,552 | ---- | C] (3DMGAME) -- C:\Users\Jose Luis Jr\Desktop\Dark Souls_Prepare To Die Edition v1.0 Plus 22 Trainer.exe

[2012/09/04 02:39:53 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\AppData\Local\{B62B5E6F-F663-11E1-8270-B8AC6F996F26}

[2012/09/04 02:25:44 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\Documents\FLiNGTrainer

[2012/09/02 03:22:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/09/02 03:22:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/09/02 03:22:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/29 03:39:30 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\Desktop\2252_The_World_Ends_With_You_USA_NDS-SQUiRE

[2012/08/24 01:06:22 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\Documents\NBGI

[2012/08/24 01:06:20 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\Documents\Games for Windows - LIVE Demos

[2012/08/24 01:00:01 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\AppData\Local\NBGI

[2012/08/23 23:52:41 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/08/17 23:52:15 | 000,000,000 | ---D | C] -- C:\Users\Jose Luis Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

========== Files - Modified Within 30 Days ==========

[2012/09/16 09:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/16 09:22:02 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/09/16 09:22:02 | 000,166,856 | ---- | M] () -- C:\Windows\System32\perfh011.dat

[2012/09/16 09:22:02 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/09/16 09:22:02 | 000,045,870 | ---- | M] () -- C:\Windows\System32\perfc011.dat

[2012/09/16 09:17:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/16 09:17:07 | 2401,800,192 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/16 08:18:09 | 000,328,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/09/16 08:02:37 | 000,001,335 | ---- | M] () -- C:\Users\Public\Desktop\TI Connect.lnk

[2012/09/16 07:56:34 | 000,001,614 | ---- | M] () -- C:\Users\Jose Luis Jr\tilp.ini

[2012/09/14 13:50:51 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/14 13:50:51 | 000,009,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/13 02:02:56 | 000,024,915 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Is psychology science.odt

[2012/09/12 01:44:25 | 000,013,728 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Vlah.odt

[2012/09/12 01:28:37 | 001,881,338 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Our_Common_Future-Brundtland_Report_1987.pdf

[2012/09/11 13:37:51 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll

[2012/09/11 13:37:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll

[2012/09/10 00:24:54 | 004,747,716 | R--- | M] (Swearware) -- C:\Users\Jose Luis Jr\Desktop\ComboFix.exe

[2012/09/09 23:28:12 | 000,025,479 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Mass Communication.odt

[2012/09/09 17:14:51 | 000,337,278 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Economics Webquest Worksheet.odt

[2012/09/09 04:03:54 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll

[2012/09/09 04:03:54 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll

[2012/09/09 04:01:19 | 000,000,216 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\ClaDun x2 Demo.url

[2012/09/09 02:45:53 | 000,000,512 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\MBR.dat

[2012/09/09 02:41:38 | 000,000,894 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\NTREGOPT.lnk

[2012/09/09 02:41:38 | 000,000,875 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\ERUNT.lnk

[2012/09/08 16:20:46 | 000,001,990 | ---- | M] () -- C:\Users\Jose Luis Jr\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/09/08 02:33:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/09/08 02:07:07 | 350,930,363 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/09/04 04:22:40 | 000,435,712 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\TWEWY.thm

[2012/09/04 04:21:05 | 000,019,008 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\You're_Out_of_Your_Vector.mp3

[2012/09/04 04:15:50 | 000,390,137 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\The World Ends With You - Transformation (Free Spirit) ringtone.mp3

[2012/09/04 02:39:53 | 000,000,000 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞÿ

[2012/09/02 02:37:37 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/29 00:25:54 | 001,175,552 | ---- | M] (3DMGAME) -- C:\Users\Jose Luis Jr\Desktop\Dark Souls_Prepare To Die Edition v1.0 Plus 22 Trainer.exe

[2012/08/28 16:20:22 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/08/28 16:20:22 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/28 04:46:44 | 000,086,437 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Akihiko2 mayonaka.gif

[2012/08/28 04:46:44 | 000,032,869 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Local\recently-used.xbel

[2012/08/28 04:45:55 | 001,017,769 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Akihiko2 mayonaka.xcf

[2012/08/28 04:42:30 | 000,908,363 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Akihiko2.xcf

[2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jose Luis Jr\Desktop\TDSSKiller.com.exe

[2012/08/24 02:04:12 | 000,002,866 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Invitation2.msrcIncident

[2012/08/24 01:59:35 | 000,002,867 | ---- | M] () -- C:\Users\Jose Luis Jr\Documents\Invitation.msrcIncident

[2012/08/23 23:52:41 | 000,000,209 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Dark Souls Prepare to Die Edition.url

[2012/08/23 02:03:01 | 043,402,268 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Zelda_7.mp3

[2012/08/23 01:38:21 | 032,835,859 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Zelda 7.wma

[2012/08/22 12:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2012/08/22 12:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2012/08/22 01:30:52 | 038,040,270 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Zelda_6.mp3

[2012/08/22 01:20:25 | 028,790,369 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Zelda 6.wma

[2012/08/21 00:47:14 | 037,119,924 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Zelda_5.mp3

[2012/08/21 00:15:43 | 028,058,499 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Zelda 5.wma

[2012/08/19 20:53:56 | 089,377,644 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Zelda_4.mp3

[2012/08/19 20:03:26 | 067,907,249 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Zelda 4.wma

[2012/08/17 23:52:15 | 000,000,562 | ---- | M] () -- C:\Users\Jose Luis Jr\Desktop\Fraps.lnk

[2012/08/17 23:47:19 | 000,005,120 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/09/16 08:02:37 | 000,001,335 | ---- | C] () -- C:\Users\Public\Desktop\TI Connect.lnk

[2012/09/16 07:56:34 | 000,001,614 | ---- | C] () -- C:\Users\Jose Luis Jr\tilp.ini

[2012/09/13 09:13:06 | 000,125,952 | ---- | C] () -- C:\Windows\System32\ZLhp2600.DLL

[2012/09/13 02:02:54 | 000,024,915 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Is psychology science.odt

[2012/09/12 01:44:23 | 000,013,728 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Vlah.odt

[2012/09/12 01:28:36 | 001,881,338 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Our_Common_Future-Brundtland_Report_1987.pdf

[2012/09/09 23:28:10 | 000,025,479 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Mass Communication.odt

[2012/09/09 17:14:51 | 000,337,278 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Economics Webquest Worksheet.odt

[2012/09/09 04:01:19 | 000,000,216 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\ClaDun x2 Demo.url

[2012/09/09 02:45:53 | 000,000,512 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\MBR.dat

[2012/09/09 02:41:38 | 000,000,894 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\NTREGOPT.lnk

[2012/09/09 02:41:38 | 000,000,875 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\ERUNT.lnk

[2012/09/04 04:21:05 | 000,019,008 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\You're_Out_of_Your_Vector.mp3

[2012/09/04 04:15:48 | 000,390,137 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\The World Ends With You - Transformation (Free Spirit) ringtone.mp3

[2012/09/04 03:53:28 | 000,435,712 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\TWEWY.thm

[2012/09/04 02:39:53 | 000,000,000 | ---- | C] () -- C:\Users\Jose Luis Jr\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞÿ

[2012/09/02 03:22:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/09/02 03:22:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/09/02 03:22:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/09/02 03:22:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/09/02 03:22:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/28 04:46:44 | 000,032,869 | ---- | C] () -- C:\Users\Jose Luis Jr\AppData\Local\recently-used.xbel

[2012/08/28 04:46:43 | 000,086,437 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Akihiko2 mayonaka.gif

[2012/08/28 04:45:55 | 001,017,769 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Akihiko2 mayonaka.xcf

[2012/08/28 04:42:30 | 000,908,363 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Akihiko2.xcf

[2012/08/24 02:04:12 | 000,002,866 | ---- | C] () -- C:\Users\Jose Luis Jr\Documents\Invitation2.msrcIncident

[2012/08/23 23:52:41 | 000,000,209 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Dark Souls Prepare to Die Edition.url

[2012/08/23 01:58:40 | 043,402,268 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Zelda_7.mp3

[2012/08/23 01:38:20 | 032,835,859 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Zelda 7.wma

[2012/08/22 01:28:13 | 038,040,270 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Zelda_6.mp3

[2012/08/22 01:20:24 | 028,790,369 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Zelda 6.wma

[2012/08/21 00:44:36 | 037,119,924 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Zelda_5.mp3

[2012/08/21 00:15:43 | 028,058,499 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Zelda 5.wma

[2012/08/19 20:47:26 | 089,377,644 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Zelda_4.mp3

[2012/08/19 20:03:26 | 067,907,249 | ---- | C] () -- C:\Users\Jose Luis Jr\Desktop\Zelda 4.wma

[2012/08/17 00:23:59 | 000,005,120 | ---- | C] () -- C:\Users\Jose Luis Jr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/08/04 03:17:31 | 000,190,454 | ---- | C] () -- C:\Users\Jose Luis Jr\Save Aigis.jpg

[2012/08/04 03:17:31 | 000,140,841 | ---- | C] () -- C:\Users\Jose Luis Jr\Save Yu.jpg

[2012/07/03 18:48:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2012/06/24 20:44:36 | 000,000,052 | ---- | C] () -- C:\Users\Jose Luis Jr\jagex_cl_runescape_LIVE1.dat

[2012/06/16 00:44:16 | 000,000,261 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI

[2012/06/11 11:41:48 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2012/06/11 11:41:48 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2012/05/11 19:27:10 | 000,000,024 | ---- | C] () -- C:\Users\Jose Luis Jr\random.dat

[2012/05/11 19:27:09 | 000,000,051 | ---- | C] () -- C:\Users\Jose Luis Jr\jagex_cl_runescape_LIVE.dat

[2012/04/21 22:18:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/04/21 22:11:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat

[2012/04/21 22:05:14 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2012/04/21 22:03:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2012/04/21 22:01:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2012/04/21 21:48:45 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012/04/21 21:48:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2012/04/21 21:48:44 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2012/04/21 21:48:44 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2012/04/21 21:48:43 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012/04/21 21:36:43 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat

[2012/04/21 21:36:42 | 000,166,856 | ---- | C] () -- C:\Windows\System32\perfh011.dat

[2012/04/21 21:36:42 | 000,045,870 | ---- | C] () -- C:\Windows\System32\perfc011.dat

[2012/04/21 21:36:42 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat

[2012/04/21 00:37:06 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys

[2012/04/21 00:37:06 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe

[2012/04/12 14:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011/03/17 19:57:18 | 000,339,968 | ---- | C] () -- C:\Windows\System32\ZSHP2600.EXE

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2012/08/28 00:47:20 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\.minecraft

[2012/07/01 17:38:28 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\.techniclauncher

[2012/05/05 23:46:27 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Adobe

[2012/06/02 23:22:07 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\AnvSoft

[2012/04/21 22:18:42 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\ATI

[2012/09/04 04:21:12 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Audacity

[2012/05/03 20:03:51 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Babylon

[2012/04/25 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\enchant

[2012/06/29 17:25:13 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\EpicBot

[2012/05/14 01:01:57 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Guitar Pro 6

[2012/04/21 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Identities

[2012/07/03 16:18:10 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\inkscape

[2012/04/21 00:36:42 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\InstallShield

[2012/07/16 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\JoyChina

[2012/04/21 22:01:57 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Macromedia

[2012/06/23 00:54:59 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Malwarebytes

[2009/07/14 02:48:45 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Media Center Programs

[2012/09/16 03:52:56 | 000,000,000 | --SD | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Microsoft

[2012/04/21 14:04:25 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\MotioninJoy

[2012/04/21 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla

[2012/05/12 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Mumble

[2012/06/26 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\OpenOffice.org

[2012/08/01 05:25:40 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Rainmeter

[2012/09/16 09:17:45 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Raptr

[2012/06/01 00:08:00 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\RIFT

[2012/09/16 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Skype

[2012/04/26 23:58:05 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Sony

[2012/09/16 03:47:43 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\SplitMediaLabs

[2012/07/09 17:34:35 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\TestApp

[2012/09/04 04:40:35 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\transmission

[2012/04/21 01:09:44 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Ulead Systems

[2012/07/12 18:07:45 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\Unity

[2012/04/24 22:32:13 | 000,000,000 | ---D | M] -- C:\Users\Jose Luis Jr\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

[2012/08/16 04:42:08 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Jose Luis Jr\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

[2012/08/16 04:42:08 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Jose Luis Jr\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

[2012/08/16 04:42:08 | 000,008,854 | R--- | M] () -- C:\Users\Jose Luis Jr\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

[2012/08/01 05:25:40 | 000,008,192 | -H-- | M] () -- C:\Users\Jose Luis Jr\AppData\Roaming\Rainmeter\Rainmeter.exe

[2012/07/26 15:10:51 | 029,136,152 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Roaming\Raptr\raptr-2.1.3-r65304-release.exe

< %APPDATA%\*.dll /s >

[2012/05/06 14:48:09 | 000,061,952 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll

[2012/05/06 14:48:09 | 000,065,024 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll

[2012/05/06 14:48:09 | 000,059,392 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll

[2012/05/06 14:48:09 | 000,062,464 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll

[2012/05/06 14:48:09 | 000,193,024 | ---- | M] () -- C:\Users\Jose Luis Jr\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


What is the main use of this computer? Do you mainly use it for gaming, or is it used for business purposes?

What antivirus program is installed, and has it been kept current at all times?

It would seem that last summer at some point it had no antivirus, and then at some point it had MS Security Essentials.

Step 1

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :otl
    O4 - HKCU..\Run: [babylon] rundll32.exe "C:\Users\Jose Luis Jr\AppData\Local\Microsoft Games\Babylon\uhnlvpwm.dll",DllRegisterServerW
    :files
    c:\Windows\Prefetch\RUNDLL32.EXE-0724304B.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-10FACE59.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-1D6A79E2.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-2BC6C34F.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-319EBDCC.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-5295EB94.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-52E8CA1D.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-5449B04D.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-5FC5E81E.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-68223C59.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-7EF2D70D.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-85C6555D.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-9E418AC1.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-A3C758FA.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-C7A2637E.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-C7B991E1.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-E056FB71.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-EFA6F44A.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-EFB37361.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-F7940581.pf
    c:\Windows\Prefetch\RUNDLL32.EXE-FE0DF881.pf
    recycler /alldrives
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Babylon"=-
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the window under the aqua-blue bar and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Step 4

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click on Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    [image: check.gif]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    [image: move.gif]
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Step 5

  • Please download CKScanner from >>Here<<
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe & select Run as administrator to start.
  • Then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Copy/paste the contents of CKFiles.txt in your next reply.

Edited by Maurice Naggar
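
A small triage script for autorun lines like the `O4 - HKCU..\Run` entry targeted in the fix above, added here as an illustration; it is not part of the original posts or of OTL. It parses O4 Run lines, picks out rundll32 launchers and flags those whose DLL sits under a user profile path. The sample log is constructed apart from the `babylon` line, and treating a profile-path DLL as suspicious is this example's own heuristic.

```python
import re
from pathlib import PureWindowsPath

# OTL autorun line, e.g.  O4 - HKCU..\Run: [name] command line
# (only the HKLM/HKCU Run and RunOnce forms are handled here)
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# rundll32 command line: rundll32.exe <dll>,<export> [arguments]
RUNDLL = re.compile(
    r'''^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+  # host binary, optional path
        (?:"(?P<quoted>[^"]+)"|(?P<bare>[^,"]+?))       # DLL path, quoted or bare
        \s*,\s*(?P<export>[^\s,]+)                      # exported function to call
    ''',
    re.IGNORECASE | re.VERBOSE,
)

# Heuristic (an assumption of this example): top-level folders that hold
# per-user, user-writable data on Windows 7 and on older profile layouts.
USER_ROOTS = {"users", "documents and settings"}

# Constructed sample log; only the "babylon" line is taken from the thread.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
O4 - HKLM..\Run: [ExampleCpl] C:\Windows\System32\rundll32.exe C:\Windows\System32\example.dll,ShowPanel
O4 - HKCU..\Run: [babylon] rundll32.exe "C:\Users\Jose Luis Jr\AppData\Local\Microsoft Games\Babylon\uhnlvpwm.dll",DllRegisterServerW
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
'''


def parse_autoruns(log_text):
    """Return one dict per O4 Run/RunOnce line; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def under_user_profile(dll):
    """True when an absolute DLL path lives below a per-user root folder."""
    parts = [part.lower() for part in dll.parts]
    return len(parts) > 1 and parts[1] in USER_ROOTS


def triage(log_text):
    """List every rundll32 autorun with the DLL it loads and a risk flag.

    The file to examine is the DLL argument. rundll32.exe itself is a
    Windows component that only hosts the DLL, so it is never the target.
    """
    findings = []
    for entry in parse_autoruns(log_text):
        match = RUNDLL.match(entry["cmd"])
        if not match:
            continue  # autorun does not go through rundll32
        raw = match.group("quoted") or match.group("bare").strip()
        dll = PureWindowsPath(raw)
        findings.append({
            "hive": entry["hive"],
            "key": entry["key"],
            "name": entry["name"],
            "dll": str(dll),
            "export": match.group("export"),
            "user_writable": under_user_profile(dll),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        label = "REVIEW" if finding["user_writable"] else "ok"
        print(f'{label:6} {finding["hive"]}\\{finding["key"]} '
              f'[{finding["name"]}] -> {finding["dll"]} ({finding["export"]})')
```
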

Well use of this computer is pretty much as a powerhorse. I do gaming, work, video editing, multimedia...pretty much a little bit of everything.

Here are the reports!

OTL Report:

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Babylon deleted successfully.

File move failed. C:\Windows\System32\rundll32.exe scheduled to be moved on reboot.

========== FILES ==========

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-0724304B.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-10FACE59.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-1D6A79E2.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-2BC6C34F.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-319EBDCC.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-5295EB94.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-52E8CA1D.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-5449B04D.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-5FC5E81E.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-68223C59.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-7EF2D70D.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-85C6555D.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-9E418AC1.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-A3C758FA.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-C7A2637E.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-C7B991E1.pf not found.

c:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf moved successfully.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-E056FB71.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-EFA6F44A.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-EFB37361.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-F7940581.pf not found.

File\Folder c:\Windows\Prefetch\RUNDLL32.EXE-FE0DF881.pf not found.

recycler not found in C:\

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Babylon not found.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Jose Luis Jr

->Temp folder emptied: 119907868 bytes

->Temporary Internet Files folder emptied: 2227435 bytes

->Java cache emptied: 510740 bytes

->FireFox cache emptied: 380647202 bytes

->Flash cache emptied: 30146 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1187198 bytes

RecycleBin emptied: 904140 bytes

Total Files Cleaned = 482.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jose Luis Jr

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jose Luis Jr

->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.61.3 log created on 09192012_003740

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\rundll32.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Security Check Report:

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java™ 7 Update 5

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Mozilla Firefox (15.0.1)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Farbar Recovery Tool Report:

Farbar Service Scanner Version: 06-08-2012

Ran by Jose Luis Jr (administrator) on 19-09-2012 at 00:57:15

Running from "C:\Users\Jose Luis Jr\Downloads"

Microsoft Windows 7 Alienware 2010 Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.

Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2012-09-12 10:42] - [2012-08-22 12:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Dr. Webcureit Report:

overlay.js;C:\Documents and Settings\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions\plugin@yontoo.com\conten;Adware.Plugin.8;Incurable.Moved.;

overlay.js;C:\Documents and Settings\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\plugin@yontoo.com\c;Adware.Plugin.8;Incurable.Moved.;

overlay.js;C:\Documents and Settings\Jose Luis Jr\Application Data\Mozilla\Firefox\Profiles\febeprof.JL\extensions\plugin@yontoo.com\conte;Adware.Plugin.8;Invalid path to file ;

overlay.js;C:\Documents and Settings\Jose Luis Jr\Application Data\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\plugin@yontoo.com\;Adware.Plugin.8;Invalid path to file ;

InboxEmailNotifierSetup.exe;C:\Documents and Settings\Jose Luis Jr\Downloads;Adware.InboxCom.2;Invalid path to file ;

n.vir;C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6;Trojan.Winlock.6713;Incurable.Moved.;

00000004.@.vir;C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\U;BackDoor.Siggen.47782;Incurable.Moved.;

00000008.@.vir;C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\U;Tool.BtcMine.26;Incurable.Moved.;

n.vir;C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-845778531-2913447589-3389831647-1000\$f2089992f43978e2f9f3fce4ad6145b6;Trojan.Winlock.6713;Incurable.Moved.;

esuier.dll.vir;C:\Qoobox\Quarantine\C\Users\Jose Luis Jr\AppData\Roaming;Probably Trojan.Packed;Incurable.Moved.;

xsecva.exe.vir;C:\Qoobox\Quarantine\C\Users\Jose Luis Jr\AppData\Roaming\xsecva;BackDoor.Xse.3;Deleted.;

syshost.exe.vir;C:\Qoobox\Quarantine\C\Windows\Installer\{F40C7DAC-D40B-E334-2B81-C7480B64E20A};Trojan.Click2.33315;Deleted.;

tsk0000.dta;C:\TDSSKiller_Quarantine\08.09.2012_03.25.40\rtkt0000\svc0000;Trojan.Rodricter.1;Cured.;

overlay.js;C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions\plugin@yontoo.com\content;Adware.Plugin.8;Invalid path to file ;

overlay.js;C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\plugin@yontoo.com\content;Adware.Plugin.8;Invalid path to file ;

overlay.js;C:\Documents and Settings\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions\plugin@yontoo.com\conten;Adware.Plugin.8;Invalid path to file ;

overlay.js;C:\Documents and Settings\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\plugin@yontoo.com\c;Adware.Plugin.8;Invalid path to file ;

overlay.js;C:\Documents and Settings\Jose Luis Jr\Application Data\Mozilla\Firefox\Profiles\febeprof.JL\extensions\plugin@yontoo.com\conte;Adware.Plugin.8;Invalid path to file ;

overlay.js;C:\Documents and Settings\Jose Luis Jr\Application Data\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\plugin@yontoo.com\;Adware.Plugin.8;Invalid path to file ;

00000004.@.vir;C:\Documents and Settings\Jose Luis Jr\DoctorWeb\Quarantine;BackDoor.Siggen.47782;Incurable.Moved.;

n.vir;C:\Documents and Settings\Jose Luis Jr\DoctorWeb\Quarantine;Trojan.Winlock.6713;Incurable.Moved.;

n______0.vir;C:\Documents and Settings\Jose Luis Jr\DoctorWeb\Quarantine;Trojan.Winlock.6713;Incurable.Moved.;

InboxEmailNotifierSetup.exe;C:\Documents and Settings\Jose Luis Jr\Downloads;Adware.InboxCom.2 - read error;Invalid path to file ;

00000008.@.vir;C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$f2089992f43978e2f9f3fce4ad6145b6\U;Tool.BtcMine.26;Invalid path to file ;

esuier.dll.vir;C:\Qoobox\Quarantine\C\Users\Jose Luis Jr\AppData\Roaming;Probably Trojan.Packed;Invalid path to file ;

overlay.js;C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions\plugin@yontoo.com\content;Adware.Plugin.8;Invalid path to file ;

overlay.js;C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\plugin@yontoo.com\content;Adware.Plugin.8;Invalid path to file ;

CKScanner Report:

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack.snt

c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack01.ogg

c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack02.ogg

c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack03.ogg

c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.dae

c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.msh

c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.dae

c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.dds

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.mat

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.dae

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.dae

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.dae

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.dae

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.dds

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.mat

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.dds

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.mat

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.dae

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.dae

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.dae

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.dae

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.msh

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.dds

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.mat

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_nrm.dds

c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_spec.dds

c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.dae

c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.msh

c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.dae

c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.msh

c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat

c:\program files\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py

c:\program files\tera\client\s1game\cookedpc\art_data\packages\bg\extension_01\original\ex01_blackcrack_obj.gpk

c:\program files\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_bigstone.gpk

c:\program files\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_bigstone_ani.gpk

c:\program files\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\black_crack_wall.gpk

scanner sequence 3.ZZ.11.CVAPIC

----- EOF -----


Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here
    or >> from here <<
    and save it to your desktop.
  • Get the Offline version that corresponds to the "bitness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
    ( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since almost all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

2

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Programs and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

3

Please download AdwCleaner from >>here<< and save it on your Desktop.

Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Edited by Maurice Naggar

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 19:06:40

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Jose Luis Jr - JOSELUISJR-PC

# Boot Mode : Normal

# Running from : C:\Users\Jose Luis Jr\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

Folder Found : C:\Program Files\Inbox

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Jose Luis Jr\AppData\Local\Babylon

Folder Found : C:\Users\Jose Luis Jr\AppData\Roaming\Babylon

Folder Found : C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\extensions\plugin@yontoo.com

Folder Found : C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Found : HKCU\Software\CToolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Found : HKLM\SOFTWARE\Classes\ctbcommon.Buttons

Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Client

Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Script

Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Server

Key Found : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}

Key Found : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}

Key Found : HKLM\Software\CToolbar

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default [Profil par défaut]

File : C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\iohkau5y.default\prefs.js

[OK] File is clean.

Profile name : JL

File : C:\Users\Jose Luis Jr\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JL\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3392 octets] - [19/09/2012 19:06:40]

########## EOF - C:\AdwCleaner[R1].txt - [3452 octets] ##########
