Random crashes


  • This topic is locked
26 replies to this topic

#1 Kirin


Posted 27 June 2011 - 02:34 PM

Hello all. I've gotten myself a new computer I'm pretty happy with a few months ago, around March or so. It came with Windows 7 Home Premium, and I bought and installed Windows 7 Ultimate about a week after I got it. Not too long after that (Roughly a week), my computer started having random crashes. The crashes don't come regularly; they happen, as far as I know, completely randomly. Sometimes my computer would go without a crash for three days, sometimes it crashes many times in a day. It was bad, but not bad enough that I couldn't handle it, until yesterday morning when it crashed roughly four times in two hours. That's when I figured I should probably get some help.

By 'crash', I don't mean a blue screen of death. Basically, the whole computer stops responding. The mouse cursor doesn't move, and pressing the Num Lock key on my keyboard doesn't toggle the light indicator off and on. That's the usual way it crashes. If I'm playing any audio of any sort, such as talking over Skype or listening to music, the audio is horribly distorted and the last second keeps replaying over and over like some kind of static ear destroyer.

I haven't tried formatting my computer yet, but I'm treating it as a worst case scenario. If I'm unable to fix this problem even with your help, I may have to resort to that. Here is my DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_24
Run by Kirin at 5:24:53 on 2011-06-28
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.8175.5650 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vVX3000.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
D:\Program Files\Free Download Manager\fdm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Kirin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Razer\Arctosa\razerhid.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
D:\Program Files\Fraps\fraps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
D:\Program Files\Fraps\fraps64.dat
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Mega Manager\MegaIEMn.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - D:\Program Files\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ASRockXTU] 
uRun: [zASRockInstantBoot] 
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\Kirin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Steam] "D:\Program Files\Steam\steam.exe" -silent
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Arctosa] "D:\Program Files\Razer\Arctosa\razerhid.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
StartupFolder: C:\Users\Kirin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kirin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Kirin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JDOWNL~1.LNK - D:\Program Files\JDownloader\JDownloader.exe
StartupFolder: C:\Users\Kirin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - D:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://D:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7B9A5E73-4FCF-4972-81F7-04B32037CB4C} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{B1B9CD90-D6F8-4DE4-8D55-1F1FD3327BE4} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Mega Manager\MegaIEMn.dll
BHO-X64:     MegaIEMn - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Arctosa] "D:\Program Files\Razer\Arctosa\razerhid.exe"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://D:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: D:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-12 42184]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-6-27 67584]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-30 363344]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-3-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-10 79360]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-3-10 129440]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\system32\drivers\Mkd2Nadr.sys --> C:\Windows\system32\drivers\Mkd2Nadr.sys [?]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys --> C:\Windows\system32\drivers\Mkd3kfNt.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-3-10 79360]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-27 18:28:41	--------	d-----w-	C:\Users\Kirin\AppData\Local\{1B8842A8-CC6F-475B-ACFA-55797AFEA4D9}
2011-06-27 18:28:19	--------	d-----w-	C:\Users\Kirin\AppData\Local\{8E337B18-3819-4396-BE72-F4FBDA0B37BE}
2011-06-26 23:40:59	--------	d-----w-	C:\Users\Kirin\AppData\Local\Safe mirror
2011-06-26 23:36:11	--------	d-----w-	C:\Program Files (x86)\Cobian Backup 10
2011-06-26 21:22:26	--------	d-sh--w-	C:\found.004
2011-06-26 16:23:17	--------	d-----w-	C:\Users\Kirin\AppData\Local\{85C027F1-B8B3-4F8D-86CF-C75F1F3390E6}
2011-06-26 16:22:44	--------	d-----w-	C:\Users\Kirin\AppData\Local\{D7DEA596-6B18-4340-AC0A-87328E96D4B5}
2011-06-26 04:22:15	--------	d-----w-	C:\Users\Kirin\AppData\Local\{85481345-6F06-47AE-A7B2-047B4DBC9ECA}
2011-06-26 04:21:42	--------	d-----w-	C:\Users\Kirin\AppData\Local\{A61A9BC9-1DDD-4143-A594-D3A0317B1F85}
2011-06-25 16:20:22	--------	d-----w-	C:\Users\Kirin\AppData\Local\{5D5FF09F-F273-4B8A-AF96-E6CC750D91A6}
2011-06-25 12:28:14	--------	d-----w-	C:\Program Files (x86)\Common Files\Steam
2011-06-25 04:19:48	--------	d-----w-	C:\Users\Kirin\AppData\Local\{BB5816C6-7B47-46A5-A96F-34D92D2F827F}
2011-06-25 04:19:24	--------	d-----w-	C:\Users\Kirin\AppData\Local\{5DC6D453-420D-4736-882B-E899CD126EFF}
2011-06-24 16:23:06	8873296	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55FBCF4C-AFA7-4882-B27B-343E8304170D}\mpengine.dll
2011-06-24 16:19:01	--------	d-----w-	C:\Users\Kirin\AppData\Local\{623A461D-CA52-41AF-8ACA-88D6742990E8}
2011-06-24 16:18:27	--------	d-----w-	C:\Windows\en
2011-06-24 16:18:15	--------	d-----w-	C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-06-24 16:18:04	69464	----a-w-	C:\Windows\SysWow64\XAPOFX1_3.dll
2011-06-24 16:18:04	523088	----a-w-	C:\Windows\System32\d3dx10_42.dll
2011-06-24 16:18:04	515416	----a-w-	C:\Windows\SysWow64\XAudio2_5.dll
2011-06-24 16:18:04	453456	----a-w-	C:\Windows\SysWow64\d3dx10_42.dll
2011-06-24 16:17:55	4398360	----a-w-	C:\Windows\System32\d3dx9_32.dll
2011-06-24 16:17:55	3426072	----a-w-	C:\Windows\SysWow64\d3dx9_32.dll
2011-06-24 16:17:22	15712	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\32e168221cc328a05\MeshBetaRemover.exe
2011-06-24 07:06:39	--------	d-----w-	C:\Users\Kirin\AppData\Local\{134F938E-91B7-4749-BB38-6B4E1AAE9AAC}
2011-06-24 07:06:17	--------	d-----w-	C:\Users\Kirin\AppData\Local\{2E0CD4BB-61B4-4721-98F9-84C4E4B45914}
2011-06-23 19:05:34	--------	d-----w-	C:\Users\Kirin\AppData\Local\{E8CF12EF-1FC2-4EED-A14D-B0801E9AF7AE}
2011-06-23 19:05:12	--------	d-----w-	C:\Users\Kirin\AppData\Local\{6064D6A4-BB99-43CD-9252-AA6E7F38CF89}
2011-06-23 13:29:10	281088	------w-	C:\Windows\SysWow64\lame.ax
2011-06-23 13:11:56	696832	----a-w-	C:\Windows\System32\xvidcore.dll
2011-06-23 13:11:56	645632	----a-w-	C:\Windows\SysWow64\xvidcore.dll
2011-06-23 13:11:56	255488	----a-w-	C:\Windows\System32\xvidvfw.dll
2011-06-23 13:11:56	240640	----a-w-	C:\Windows\SysWow64\xvidvfw.dll
2011-06-23 13:11:56	173568	----a-w-	C:\Windows\System32\xvid.ax
2011-06-23 13:11:56	153088	----a-w-	C:\Windows\SysWow64\xvid.ax
2011-06-23 13:11:56	--------	d-----w-	C:\Program Files (x86)\Xvid
2011-06-23 07:04:42	--------	d-----w-	C:\Users\Kirin\AppData\Local\{659B989D-860A-4B3E-B4E9-1C498E57C5FE}
2011-06-23 07:04:21	--------	d-----w-	C:\Users\Kirin\AppData\Local\{17EFCB6C-4235-42F1-BE58-A356EAC05A5A}
2011-06-22 20:14:41	2106216	----a-w-	C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 20:14:41	1998168	----a-w-	C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-22 19:03:51	--------	d-----w-	C:\Users\Kirin\AppData\Local\{F710A3E0-BDF1-45F8-BCC2-EC0B24064AE9}
2011-06-22 19:03:29	--------	d-----w-	C:\Users\Kirin\AppData\Local\{5EDEA614-1E04-4C7B-8340-DB3375D989A4}
2011-06-22 07:02:59	--------	d-----w-	C:\Users\Kirin\AppData\Local\{956CE9E2-4683-46A3-ABE3-CB7FBAA06884}
2011-06-22 07:02:39	--------	d-----w-	C:\Users\Kirin\AppData\Local\{E0DC64FE-2EA6-4DEF-87C4-C2E83E8EE88B}
2011-06-21 19:02:08	--------	d-----w-	C:\Users\Kirin\AppData\Local\{031F7516-80AF-4880-8DC0-CDC1D543EBCB}
2011-06-21 17:06:02	--------	d-----we	C:\Users\Kirin\AppData\Roaming\.minecraft
2011-06-21 16:45:14	--------	d-----w-	C:\Users\Kirin\AppData\Roaming\.minecraft_2
2011-06-21 16:41:12	--------	d-----w-	C:\Program Files\LinkShellExtension
2011-06-20 19:00:13	--------	d-----w-	C:\Users\Kirin\AppData\Local\{1581E764-D7DB-4FD8-9396-57C490FC35FE}
2011-06-20 18:59:51	--------	d-----w-	C:\Users\Kirin\AppData\Local\{81A1B3D1-8547-4291-98DA-8C2D43171D16}
2011-06-19 18:57:54	--------	d-----w-	C:\Users\Kirin\AppData\Local\{89B99608-554B-4F46-B592-9ADA9BD3E032}
2011-06-19 11:58:52	--------	d-sh--w-	C:\found.003
2011-06-19 06:56:53	--------	d-----w-	C:\Users\Kirin\AppData\Local\{C39CCDCA-BED9-4859-B637-72B980ABE45B}
2011-06-19 04:33:26	--------	d-----w-	C:\Users\Kirin\AppData\Local\Evernote
2011-06-19 04:32:51	--------	d-----w-	C:\Program Files (x86)\Evernote
2011-06-18 18:56:23	--------	d-----w-	C:\Users\Kirin\AppData\Local\{87D1847C-D3EB-4192-849B-1DF9D08A7C08}
2011-06-18 18:56:00	--------	d-----w-	C:\Users\Kirin\AppData\Local\{19397462-CA2B-41EB-A0DC-CC33B9755E1D}
2011-06-18 06:55:30	--------	d-----w-	C:\Users\Kirin\AppData\Local\{03FA42B2-3365-4689-A931-B49FE9472294}
2011-06-18 06:55:09	--------	d-----w-	C:\Users\Kirin\AppData\Local\{64B8B9BC-81C9-41A4-8349-618D2C9DBF18}
2011-06-17 18:54:26	--------	d-----w-	C:\Users\Kirin\AppData\Local\{7C17CB47-A8BF-4680-80B8-BFB39150A3DE}
2011-06-17 18:54:04	--------	d-----w-	C:\Users\Kirin\AppData\Local\{CD52D131-7DFA-464B-899F-244ED7207BB6}
2011-06-17 08:14:30	--------	d-----w-	C:\Users\Kirin\AppData\Roaming\MySQL
2011-06-17 06:53:21	--------	d-----w-	C:\Users\Kirin\AppData\Local\{FE5FE2E7-220E-42B3-BEAA-876D10A3040A}
2011-06-17 06:53:11	--------	d-----w-	C:\Users\Kirin\AppData\Local\{77EDA757-289F-4E01-AB8B-9ABF624B9266}
2011-06-16 18:21:39	--------	d-----w-	C:\Users\Kirin\AppData\Local\{33B552A2-A451-49DA-A783-4C78BE2CAC57}
2011-06-16 18:21:17	--------	d-----w-	C:\Users\Kirin\AppData\Local\{05F68540-763F-4F95-A2F7-5FE40D84118D}
2011-06-16 18:13:53	--------	d-----w-	C:\Users\Kirin\.rs
2011-06-16 06:20:35	--------	d-----w-	C:\Users\Kirin\AppData\Local\{0156CF01-BAD9-42D6-A083-9FEB5DA800BC}
2011-06-16 06:20:14	--------	d-----w-	C:\Users\Kirin\AppData\Local\{AAAAAAA9-94E2-4101-9D18-90D1279129FA}
2011-06-15 18:19:31	--------	d-----w-	C:\Users\Kirin\AppData\Local\{F138438B-A3D8-4B56-B393-0153F2CC44C7}
2011-06-15 18:19:09	--------	d-----w-	C:\Users\Kirin\AppData\Local\{B34F7E19-364B-44EF-8346-51DF7064220C}
2011-06-15 07:26:53	499200	----a-w-	C:\Windows\System32\drivers\afd.sys
2011-06-15 07:26:53	1923968	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2011-06-15 07:26:52	289280	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 07:26:52	158208	----a-w-	C:\Windows\System32\drivers\mrxsmb.sys
2011-06-15 07:26:52	128000	----a-w-	C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-15 07:26:50	3135488	----a-w-	C:\Windows\System32\win32k.sys
2011-06-15 07:26:48	467456	----a-w-	C:\Windows\System32\drivers\srv.sys
2011-06-15 07:26:48	410112	----a-w-	C:\Windows\System32\drivers\srv2.sys
2011-06-15 07:26:48	168448	----a-w-	C:\Windows\System32\drivers\srvnet.sys
2011-06-15 07:26:39	861696	----a-w-	C:\Windows\System32\oleaut32.dll
2011-06-15 07:26:39	571904	----a-w-	C:\Windows\SysWow64\oleaut32.dll
2011-06-15 07:26:37	976896	----a-w-	C:\Windows\System32\inetcomm.dll
2011-06-15 07:26:37	741376	----a-w-	C:\Windows\SysWow64\inetcomm.dll
2011-06-15 06:18:27	--------	d-----w-	C:\Users\Kirin\AppData\Local\{75378485-517A-4DE1-BD7B-AF4596628834}
2011-06-15 06:18:05	--------	d-----w-	C:\Users\Kirin\AppData\Local\{1A1CD648-44DF-43ED-BA12-5660D69570E6}
2011-06-14 18:17:34	--------	d-----w-	C:\Users\Kirin\AppData\Local\{11CAE2EF-C9DD-492D-838A-C437CABC7E75}
2011-06-14 18:17:12	--------	d-----w-	C:\Users\Kirin\AppData\Local\{BE802D4D-A884-4EA7-B460-589087122728}
2011-06-14 06:16:30	--------	d-----w-	C:\Users\Kirin\AppData\Local\{3D67220A-9894-4C7D-9901-07274745065B}
2011-06-14 06:16:08	--------	d-----w-	C:\Users\Kirin\AppData\Local\{36431744-D448-4E4D-B526-8C9F1E412311}
2011-06-13 18:15:38	--------	d-----w-	C:\Users\Kirin\AppData\Local\{675EA2F1-EA75-4BDC-B8E0-A949CE476941}
2011-06-13 18:15:17	--------	d-----w-	C:\Users\Kirin\AppData\Local\{41F2C511-4009-46AD-82F9-0454D6575E61}
2011-06-13 14:14:13	--------	d-----w-	C:\Users\Kirin\AppData\Roaming\VBA-M
2011-06-13 06:14:35	--------	d-----w-	C:\Users\Kirin\AppData\Local\{9DCF1CEE-4126-42B3-9167-BE5992F2FFF7}
2011-06-13 06:14:25	--------	d-----w-	C:\Users\Kirin\AppData\Local\{C5E527D6-6B25-4904-A6B3-9F93A4D3619E}
2011-06-12 16:46:17	--------	d-----w-	C:\Users\Kirin\AppData\Local\{86246B35-2987-4C80-B0E7-5DA3603C022E}
2011-06-12 16:45:55	--------	d-----w-	C:\Users\Kirin\AppData\Local\{7786E2FF-BADC-4B3E-B730-7D4ACF2864F4}
2011-06-12 04:45:25	--------	d-----w-	C:\Users\Kirin\AppData\Local\{2E936DFE-7D3B-4869-BAF6-8BBFF38DC366}
2011-06-12 04:45:03	--------	d-----w-	C:\Users\Kirin\AppData\Local\{C8080182-86E4-47D6-B591-7E970C4EB4FD}
2011-06-11 16:44:33	--------	d-----w-	C:\Users\Kirin\AppData\Local\{2578B001-3559-445C-BEE7-E2962CBFC661}
2011-06-11 16:44:11	--------	d-----w-	C:\Users\Kirin\AppData\Local\{A1A036AE-81F3-48C8-8C39-CE7326493115}
2011-06-11 04:43:08	--------	d-----w-	C:\Users\Kirin\AppData\Local\{B6480EB4-67D8-4232-AB61-D6EDFFF6DA6D}
2011-06-10 16:42:02	--------	d-----w-	C:\Users\Kirin\AppData\Local\{2F81A7BA-285C-40FB-9EBF-FBD218EF0899}
2011-06-10 04:41:30	--------	d-----w-	C:\Users\Kirin\AppData\Local\{F7D7D444-0BA1-40A9-BD15-A17724B012AF}
2011-06-10 04:41:19	--------	d-----w-	C:\Users\Kirin\AppData\Local\{805173E0-CB6C-4E83-BA5D-18EB54E2A8C5}
2011-06-09 16:00:06	--------	d-----w-	C:\Users\Kirin\AppData\Local\{32A88AC7-F677-426D-BE3C-83F5A2877742}
2011-06-09 15:59:42	--------	d-----w-	C:\Users\Kirin\AppData\Local\{713210D8-13B4-4258-8C77-369268AFDA21}
2011-06-09 03:59:09	--------	d-----w-	C:\Users\Kirin\AppData\Local\{EBAAEAC4-E10F-4012-84A7-9DD250D55B1B}
2011-06-09 03:58:45	--------	d-----w-	C:\Users\Kirin\AppData\Local\{64D5FC5D-1644-4E71-9B43-BDAEC414A55C}
2011-06-09 02:36:17	--------	d-----w-	C:\Users\Kirin\AppData\Roaming\Mipony
2011-06-08 15:58:07	--------	d-----w-	C:\Users\Kirin\AppData\Local\{E67E503E-4681-4D76-B07F-FC7176CCC11E}
2011-06-08 15:57:39	--------	d-----w-	C:\Users\Kirin\AppData\Local\{B4F3A773-0670-4091-A097-451FBD88CC84}
2011-06-08 03:56:54	--------	d-----w-	C:\Users\Kirin\AppData\Local\{1335BD35-E7B8-406D-A66C-9ABD3C523A14}
2011-06-08 03:56:30	--------	d-----w-	C:\Users\Kirin\AppData\Local\{37D71266-65A1-42A7-B51A-9CD63ECC15D6}
2011-06-07 15:55:47	--------	d-----w-	C:\Users\Kirin\AppData\Local\{9BFA2E52-D4FE-48F6-B495-0746F84E045D}
2011-06-07 03:54:56	--------	d-----w-	C:\Users\Kirin\AppData\Local\{014A957B-7DAD-47FB-B513-93B2AE7F96BE}
2011-06-06 15:53:42	--------	d-----w-	C:\Users\Kirin\AppData\Local\{FCA920FB-57DF-4394-866C-21FBEDCE885A}
2011-06-06 03:52:49	--------	d-----w-	C:\Users\Kirin\AppData\Local\{1A4639CA-1DF0-4E08-89BB-AC7E3910F77B}
2011-06-06 02:55:30	183696	----a-w-	C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 15:51:56	--------	d-----w-	C:\Users\Kirin\AppData\Local\{FEC0B134-F377-499C-9644-7558A3622189}
2011-06-05 03:51:03	--------	d-----w-	C:\Users\Kirin\AppData\Local\{D3496FA2-9638-403D-B568-57653F7FCC32}
2011-06-04 15:50:32	--------	d-----w-	C:\Users\Kirin\AppData\Local\{045C2176-EED2-4090-AD1F-998BABF62448}
2011-06-04 03:49:40	--------	d-----w-	C:\Users\Kirin\AppData\Local\{AD5360DF-3B7A-438D-B191-20C9368E85FD}
2011-06-04 03:49:18	--------	d-----w-	C:\Users\Kirin\AppData\Local\{93F99DE3-A908-45AC-B125-B70AC977445E}
2011-06-03 15:48:36	--------	d-----w-	C:\Users\Kirin\AppData\Local\{C01DD349-774A-4C5E-8970-CB5E0FE2FD81}
2011-06-03 15:48:02	--------	d-----w-	C:\Users\Kirin\AppData\Local\{A63FB51C-B995-42E3-B22F-36A57C1D1F7A}
2011-06-03 03:47:33	--------	d-----w-	C:\Users\Kirin\AppData\Local\{EEDFF212-A0EB-4CE4-86FF-655D5CBBE8D4}
2011-06-03 03:47:00	--------	d-----w-	C:\Users\Kirin\AppData\Local\{AD13B22B-0CD7-4A8E-AD55-C95FF71B6FB5}
2011-06-02 15:46:30	--------	d-----w-	C:\Users\Kirin\AppData\Local\{51CB4DB3-DDF6-47D2-8476-90F318AD94C4}
2011-06-02 15:45:57	--------	d-----w-	C:\Users\Kirin\AppData\Local\{AD028FB2-8E34-498E-A99B-D005E673B101}
2011-06-02 07:30:51	--------	d-sh--w-	C:\ProgramData\DSS
2011-06-02 07:29:54	--------	d-----w-	C:\Users\Kirin\AppData\Roaming\Lionhead Studios
2011-06-02 07:06:26	74072	----a-w-	C:\Windows\SysWow64\XAPOFX1_4.dll
2011-06-02 07:06:26	528216	----a-w-	C:\Windows\SysWow64\XAudio2_6.dll
2011-06-02 07:06:26	22360	----a-w-	C:\Windows\SysWow64\X3DAudio1_7.dll
2011-06-02 07:06:26	1998168	----a-w-	C:\Windows\SysWow64\D3DX9_43.dll
2011-06-02 07:06:25	81768	----a-w-	C:\Windows\SysWow64\xinput1_3.dll
2011-06-02 07:06:25	1892184	----a-w-	C:\Windows\SysWow64\D3DX9_42.dll
2011-06-02 03:45:26	--------	d-----w-	C:\Users\Kirin\AppData\Local\{7318E86A-6946-4461-8D56-10CCEF325C96}
2011-06-02 03:44:53	--------	d-----w-	C:\Users\Kirin\AppData\Local\{8D15A1AC-FFCF-4B9A-98BF-1BDA713F15A2}
2011-06-01 15:44:05	--------	d-----w-	C:\Users\Kirin\AppData\Local\{EA1E049A-C2EE-4218-9208-1C286F866B63}
2011-06-01 03:43:22	--------	d-----w-	C:\Users\Kirin\AppData\Local\{CCEDCFD4-A817-47A8-A601-54566DF14318}
2011-06-01 03:42:49	--------	d-----w-	C:\Users\Kirin\AppData\Local\{D94FC28A-DC62-4DE3-9DA9-9D8592ED75B7}
2011-05-31 15:42:06	--------	d-----w-	C:\Users\Kirin\AppData\Local\{0B5DF7B0-35EE-4191-B6E4-5E1E1FAB66E1}
2011-05-31 15:41:33	--------	d-----w-	C:\Users\Kirin\AppData\Local\{0D57D294-B3A1-4799-994C-4611E29DCC0E}
2011-05-31 03:40:49	--------	d-----w-	C:\Users\Kirin\AppData\Local\{E9965BD7-C97D-46F4-A6D7-F90849874E31}
2011-05-31 03:40:16	--------	d-----w-	C:\Users\Kirin\AppData\Local\{A3F05C86-1AB3-42E3-B8CA-7B9EE81B29EE}
2011-05-30 15:39:33	--------	d-----w-	C:\Users\Kirin\AppData\Local\{011D307E-D60B-4E72-98F1-27A03C1AECBC}
2011-05-30 15:39:00	--------	d-----w-	C:\Users\Kirin\AppData\Local\{03133E53-DCE8-4EEC-AD24-B51229530BA4}
2011-05-30 03:38:18	--------	d-----w-	C:\Users\Kirin\AppData\Local\{F8783FB9-F789-4251-A875-7CBF2740075A}
2011-05-30 03:37:46	--------	d-----w-	C:\Users\Kirin\AppData\Local\{57D0D121-9301-45FD-954C-5A53ABB2FA77}
2011-05-29 15:37:16	--------	d-----w-	C:\Users\Kirin\AppData\Local\{A5A6B352-8AF9-403B-9F64-C66194BA09B6}
2011-05-29 15:36:42	--------	d-----w-	C:\Users\Kirin\AppData\Local\{C1D1DF21-C70E-4E59-85E5-19E2513F8AF6}
2011-05-29 03:36:11	--------	d-----w-	C:\Users\Kirin\AppData\Local\{1D3D5C3B-4EAD-414A-A29A-61D151B03CD1}
2011-05-29 03:35:38	--------	d-----w-	C:\Users\Kirin\AppData\Local\{4C63DC72-54AC-4FBF-8930-437051EFBCED}
.
==================== Find3M  ====================
.
2011-06-17 12:21:00	404640	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 12:26:46	71680	----a-w-	C:\Windows\System32\frapsv64.dll
2011-05-28 12:26:44	65536	----a-w-	C:\Windows\SysWow64\frapsvid.dll
2011-05-24 09:14:10	270720	------w-	C:\Windows\System32\MpSigStub.exe
2011-05-10 12:10:59	40112	----a-w-	C:\Windows\avastSS.scr
2011-05-10 12:04:08	600920	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2011-05-10 11:59:48	64344	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2011-04-23 01:29:25	2303488	----a-w-	C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56	1797632	----a-w-	C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29	27520	----a-w-	C:\Windows\System32\drivers\Diskdump.sys
2011-04-09 07:02:55	5562240	----a-w-	C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56	142336	----a-w-	C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25	3967872	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25	3912576	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38	123904	----a-w-	C:\Windows\SysWow64\poqexec.exe
2011-04-06 06:26:58	96544	----a-w-	C:\Windows\System32\dnssd.dll
2011-04-06 06:26:58	69408	----a-w-	C:\Windows\System32\jdns_sd.dll
2011-04-06 06:26:58	237856	----a-w-	C:\Windows\System32\dnssdX.dll
2011-04-06 06:26:58	119584	----a-w-	C:\Windows\System32\dns-sd.exe
2011-04-06 06:20:16	91424	----a-w-	C:\Windows\SysWow64\dnssd.dll
2011-04-06 06:20:16	75040	----a-w-	C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 06:20:16	197920	----a-w-	C:\Windows\SysWow64\dnssdX.dll
2011-04-06 06:20:16	107808	----a-w-	C:\Windows\SysWow64\dns-sd.exe
.
============= FINISH:  5:26:27.24 ===============

I actually have to leave my computer tomorrow for a few weeks, so while I may be able to respond to replies using my laptop, I won't have access to my desktop (The computer with the crashing problem). I hope this is enough detail for the moment, and I'll try and add more when I can.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 09 July 2011 - 01:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 12 July 2011 - 12:15 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 17 July 2011 - 02:42 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr


Posted 13 August 2011 - 11:38 AM

It has been reopened for you



gringo

#6 Kirin


Posted 13 August 2011 - 08:41 PM

I apologize once again for the lateness in replying. Personal circumstances.

This is the contents of the DDS.txt file:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Kirin at 11:32:54 on 2011-08-14
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8175.5040 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k imgsvc
D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vVX3000.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Kirin\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
D:\Program Files\TeamViewer\Version6\tv_w32.exe
D:\Program Files\TeamViewer\Version6\tv_x64.exe
D:\Program Files\Free Download Manager\fdm.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Kirin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Razer\Arctosa\razerhid.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
D:\Program Files\Fraps\fraps.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Fraps\fraps64.dat
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Mega Manager\MegaIEMn.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - D:\Program Files\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ASRockXTU]
uRun: [zASRockInstantBoot]
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\Kirin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Steam] "D:\Program Files\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Arctosa] "D:\Program Files\Razer\Arctosa\razerhid.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
StartupFolder: C:\Users\Kirin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kirin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Kirin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - D:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://D:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7B9A5E73-4FCF-4972-81F7-04B32037CB4C} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{B1B9CD90-D6F8-4DE4-8D55-1F1FD3327BE4} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Mega Manager\MegaIEMn.dll
BHO-X64: MegaIEMn - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Arctosa] "D:\Program Files\Razer\Arctosa\razerhid.exe"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://D:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=3&q={searchTerms}
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kirin\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: D:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-8 42184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-13 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 TeamViewer6;TeamViewer 6;D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-28 2337144]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-30 363344]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-3-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-10 79360]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-3-10 129440]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\system32\drivers\Mkd2Nadr.sys --> C:\Windows\system32\drivers\Mkd2Nadr.sys [?]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys --> C:\Windows\system32\drivers\Mkd3kfNt.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-3-10 79360]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2097-08-07 01:36:19 -------- d-----w- C:\Users\Kirin\AppData\Local\{BE3FADD6-8FFF-4EF6-A28B-E633F1717510}
2011-08-13 15:55:33 -------- d-----w- C:\Users\Kirin\AppData\Local\{EB57ED85-76C7-471A-ADEC-1670D3D729FA}
2011-08-13 15:55:23 -------- d-----w- C:\Users\Kirin\AppData\Local\{DDAF6556-12A2-45F7-8BE4-33C1A5D0F738}
2011-08-13 15:55:08 -------- d-----w- C:\Users\Kirin\AppData\Local\{1FFC172F-20DB-45C3-B3B9-6BDBE9ECF1FD}
2011-08-13 15:54:46 -------- d-----w- C:\Users\Kirin\AppData\Local\{51482B75-4621-45BB-9475-25AE251C935B}
2011-08-13 13:32:46 1531392 ----a-w- C:\Users\Kirin\AppData\Roaming\tsdnwin.dll
2011-08-13 13:16:01 -------- d-----w- C:\Program Files (x86)\SAMSUNG
2011-08-13 13:15:17 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-08-13 13:15:17 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-08-13 13:15:17 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-08-13 13:15:17 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-08-13 13:15:17 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-08-13 13:15:16 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-08-13 13:15:16 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-08-13 09:12:27 980072 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-08-13 09:12:27 836200 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-08-13 09:12:27 61544 ----a-w- C:\Windows\System32\nvshext.dll
2011-08-13 09:12:27 6136936 ----a-w- C:\Windows\System32\nvcpl.dll
2011-08-13 09:12:27 3021416 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-08-13 09:12:27 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-08-13 09:12:09 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-08-13 03:54:22 -------- d-----w- C:\Users\Kirin\AppData\Local\{A262FA8E-41BB-4BE6-A2F9-ED3169ADC69D}
2011-08-13 03:54:12 -------- d-----w- C:\Users\Kirin\AppData\Local\{C560C087-21CE-4E4C-8FB5-C7C91F603C7E}
2011-08-13 03:53:59 -------- d-----w- C:\Users\Kirin\AppData\Local\{91382F85-2B91-4596-B82E-B12F9A46BD2A}
2011-08-12 14:33:47 -------- d-----w- C:\Users\Kirin\AppData\Local\{84CDEE09-B62F-47D3-A3D2-AA18621D99B2}
2011-08-12 14:33:26 -------- d-----w- C:\Users\Kirin\AppData\Local\{2A2ACA00-25BD-482A-B490-3696B7E3C8E8}
2011-08-12 14:31:44 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8f32b93e1cc58fc02\MeshBetaRemover.exe
2011-08-12 09:14:31 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B06FF3E-5192-46FD-B018-F750E6B75DA0}\mpengine.dll
2011-08-12 09:00:42 -------- d-----w- C:\Users\Kirin\AppData\Local\{928BDF50-D907-43BA-85EE-A57B082D7ABB}
2011-08-12 09:00:32 -------- d-----w- C:\Users\Kirin\AppData\Local\{6063858C-ECB8-423E-9EE6-61E891392BBB}
2011-08-11 21:00:20 -------- d-----w- C:\Users\Kirin\AppData\Local\{807204E6-4895-4445-B3BD-8F9E7A8F84E6}
2011-08-11 21:00:10 -------- d-----w- C:\Users\Kirin\AppData\Local\{C1E0741F-E617-4262-B9E0-98A9DD91C361}
2011-08-11 20:59:56 -------- d-----w- C:\Users\Kirin\AppData\Local\{6533A21A-31A1-428C-884D-760C82658B12}
2011-08-11 07:26:23 -------- d-----w- C:\Users\Kirin\AppData\Local\{AFC0E8CB-292F-4DFA-8715-A1189A8F80D8}
2011-08-11 07:26:14 -------- d-----w- C:\Users\Kirin\AppData\Local\{B3DDAB94-A7D6-484F-967E-C27B6C1806E2}
2011-08-11 07:26:04 -------- d-----w- C:\Users\Kirin\AppData\Local\{6713105D-8589-455C-9E4F-30ED4BF8CBE9}
2011-08-11 03:31:44 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-11 03:31:42 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-07 01:43:07 -------- d-----w- C:\Windows\en
2011-08-02 17:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-07-19 08:03:35 -------- d-----w- C:\Users\Kirin\AppData\Local\Google
2011-07-19 06:06:00 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-19 06:01:50 -------- d-----w- C:\Users\Kirin\AppData\Local\{218F6D2E-A3C2-4F71-BF1A-7BC25B14DF6D}
2011-07-19 06:01:39 -------- d-----w- C:\Users\Kirin\AppData\Local\{D73B2D72-967D-4520-B136-4114E2E99E27}
.
==================== Find3M ====================
.
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-06-17 12:21:00 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-30 13:42:51 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-05-30 13:42:35 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-05-28 12:26:46 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2011-05-28 12:26:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-24 09:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-23 09:52:08 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-05-23 07:49:41 173568 ----a-w- C:\Windows\System32\xvid.ax
2011-05-23 07:46:31 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-05-23 07:45:39 696832 ----a-w- C:\Windows\System32\xvidcore.dll
.
============= FINISH: 11:34:22.17 ===============


This is the contents of the Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/03/2011 5:43:30 PM
System Uptime: 13/08/2011 11:39:23 PM (12 hours ago)
.
Motherboard: ASRock | | P67 Pro
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 64.816 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 284.189 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 188.017 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0001
Manufacturer: Hotspot Shield
Name: HTC Remote NDIS based Device - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0001
Service: HssDrv
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0002
Manufacturer: Hotspot Shield
Name: Realtek PCIe GBE Family Controller - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0002
Service: HssDrv
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0003
Manufacturer: Hotspot Shield
Name: WAN Miniport (IP) - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0003
Service: HssDrv
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0004
Manufacturer: Hotspot Shield
Name: WAN Miniport (Network Monitor) - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0004
Service: HssDrv
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0005
Manufacturer: Hotspot Shield
Name: WAN Miniport (IPv6) - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0005
Service: HssDrv
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0006
Manufacturer: Hotspot Shield
Name: Anchorfree HSS Adapter - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0006
Service: HssDrv
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Anchorfree HSS Adapter
Device ID: ROOT\NET\0001
Manufacturer: Anchorfree HSS Adapter
Name: Anchorfree HSS Adapter
PNP Device ID: ROOT\NET\0001
Service: taphss
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0000
Manufacturer: Hotspot Shield
Name: Microsoft Loopback Adapter - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0000
Service: HssDrv
.
==== System Restore Points ===================
.
RP246: 13/08/2011 11:15:54 PM - Installed FW LiveUpdate
RP247: 13/08/2011 11:46:06 PM - Windows Backup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
.sol Editor 1.1.0.1
3DMark 11
3Dカスタム少女
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.0)
AhnLab Online Security
Alarm Clock of Justice
Android Sync Manager WiFi
Apple Application Support
Apple Software Update
ASRock eXtreme Tuner v0.1.27
ASRock InstantBoot v1.26
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Canon MP Navigator EX 1.2
CDisplayEx 1.8
Cheat Engine 6.0
Combined Community Codec Pack 2010-10-10
D3DX10
DAEMON Tools Lite
Dropbox
Evernote v. 4.4
Fable III
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.5.0
Francesco's leveled creatures-items mod 4.5b
Francesco's optional new items/creatures 4.5
Fraps (remove only)
Free Download Manager 3.0
Futuremark SystemInfo
FW LiveUpdate
Google Chrome
Img2Ozf Version 3
ImgBurn
Insaniquarium Deluxe
Intel® Management Engine Components
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java™ 6 Update 24
JDownloader
Junk Mail filter update
Malwarebytes' Anti-Malware
Mamba Firmware Updater 1.13
MapleStorySEA version v1.04
Mass Effect
Master
Mega Manager
Messenger Plus! 5
Microsoft Corporation
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mount&Blade Warband
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NNDD - v1.27.6
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
Oblivion - Construction Set
Oblivion - Horse Armor Pack
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion mod manager 1.1.12
PCSX2 - Playstation 2 Emulator
PDF Settings CS5
Prototype™
Python 2.6 comtypes-0.6.2
Python 2.6 psyco-1.6
Python 2.6 pywin32-214
Python 2.6.5
QuickTime
Rainmeter
Razer Arctosa
Real Alternative 2.0.2
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype? 5.3
Sound Blaster X-Fi MB
Steam
System Requirements Lab
Team Fortress 2
TeamViewer 6
The KMPlayer (remove only)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Virus Guard - powered by BitDefender
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMP Tag Plus 1.2
Wrye Bash
wxPython 2.8.11.0 (ansi) for Python 2.6
XFastUsb
Xiph.Org Open Codecs 0.85.17777
Xvid Video Codec
μTorrent
カスタムメイド3D
むすめーかー
むすめとごはん
.
==== Event Viewer Messages From Past Week ========
.
14/08/2011 12:59:08 AM, Error: volsnap [9] - The flush and hold writes operation on volume C: timed out while waiting for file system cleanup.
14/08/2011 12:59:08 AM, Error: volsnap [9] - The flush and hold writes operation on volume \\?\Volume{30549064-4ae1-11e0-82ed-806e6f6e6963} timed out while waiting for file system cleanup.
13/08/2011 8:45:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
13/08/2011 3:14:16 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
13/08/2011 3:14:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
13/08/2011 2:04:11 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
13/08/2011 11:42:39 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
13/08/2011 11:42:39 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
13/08/2011 11:41:51 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: MBAMService is not a valid Win32 application.
13/08/2011 11:41:51 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: MBAMProtector is not a valid Win32 application.
13/08/2011 11:40:51 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Kirin\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
13/08/2011 10:14:48 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/08/2011 5:42:12 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\c:\users\kirin\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================


Here is a list of some of the issues I am experiencing (These did not happen during the execution of defogger.exe and dds.scr, just during normal use):

Computer randomly stops responding completely, hangs at a certain point in time.

Windows Live Messenger constantly shows every contact as being offline, even when they are online. All contacts see me as being offline. WLM works perfectly fine on my laptop. Uninstalling and reinstalling does not fix the problem.

On rebooting after a crash, some files are corrupted; most can be fixed by another reboot. Examples include not being able to access DVD Drive, errors upon opening Windows Live Mail and so on.

Reboot and Select a proper Boot device occasionally after crash.

Long time at Processor screen (Press F2 or DEL to run UEFI Setup, Press F6 for Instant Flash, Press F11 for Boot Menu, Press Tab to Switch Screen) upon reboot, although it still progresses to the next screen.

((I hope I've done everything correctly so far))

Edited by Kirin, 13 August 2011 - 08:41 PM.


#7 gringo_pr



  • Malware Response Team

Posted 13 August 2011 - 09:01 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 Kirin

  • Topic Starter


Posted 14 August 2011 - 04:44 AM

Upon finishing up, ComboFix restarted my computer. However, at the ASRock P67 Pro Logo screen at startup, the computer seemed to stall again. I used the Reset button on my tower to restart it again after waiting for ten minutes.

After doing that, it stalled at the logo screen again for 20 seconds, then gave me the <Reboot and Select Proper Boot device or Insert Boot Media in selected Boot device and press a key> screen. Hard restarted again.

Same thing after second reset. Turned off system using main power switch for five minutes, then turned it back on.

Starts up normally after five minutes. Strange graphical glitch just before login screen, on "Starting Windows" screen. Upon signing in, get a Corrupt File Error from TeamViewer.exe and pev.cfxxe telling me to run chkdsk. Log created successfully by ComboFix.

Restarted my computer since I cannot open Google Chrome to post the log, and it starts CHKDSK automatically. Posting from my laptop. Will edit post with log and any issues once CHKDSK is complete.

Upon completion of CHKDSK, computer restarted and booted up without any issues. Upon logging into Windows, I opened up My Computer. My DVD Drive was there, so I right clicked it and clicked Properties. However, doing that caused the entire computer to stall. Mouse and keyboard still worked, but nothing responded. Another reset.

This time, no errors while booting up (Except for the graphical glitch at the Starting Windows screen just before the login screen).

ComboFix Log:

ComboFix 11-08-14.02 - Kirin 8/2011 Sun 19:06:06.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8175.5875 [GMT 10:00]
Running from: c:\users\Kirin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Kirin\AppData\Roaming\tsdnwin.dll
d:\program files\Steam\Steam.exe
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-13 13:16 . 2011-08-13 13:16 -------- d-----w- c:\program files (x86)\SAMSUNG
2011-08-13 13:15 . 2004-04-18 13:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-08-13 13:15 . 2004-04-18 13:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-08-13 13:15 . 2004-04-18 13:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-08-13 13:15 . 2004-04-18 13:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-08-13 13:15 . 2004-04-18 13:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-08-13 13:15 . 2011-08-13 13:15 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-08-13 13:15 . 2011-08-13 13:15 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-08-13 09:13 . 2011-08-14 09:01 -------- d-----w- c:\users\UpdatusUser
2011-08-13 09:12 . 2011-08-14 09:32 -------- d-----w- c:\programdata\NVIDIA
2011-08-13 09:12 . 2011-08-03 11:50 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-13 09:12 . 2011-08-03 11:50 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-13 09:12 . 2011-08-03 11:50 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-13 09:12 . 2011-08-03 11:50 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-13 09:12 . 2011-08-03 11:50 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-13 09:12 . 2011-08-03 11:50 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-13 09:12 . 2011-08-13 09:12 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-12 14:31 . 2011-08-12 14:31 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8f32b93e1cc58fc02\MeshBetaRemover.exe
2011-08-12 09:14 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B06FF3E-5192-46FD-B018-F750E6B75DA0}\mpengine.dll
2011-08-11 03:31 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 03:31 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-07 01:43 . 2011-08-07 01:43 -------- d-----w- c:\windows\en
2011-08-07 01:42 . 2011-08-07 01:42 -------- d-----w- c:\program files\Windows Live
2011-08-02 17:31 . 2011-08-02 17:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-19 08:03 . 2011-07-19 08:03 -------- d-----w- c:\users\Kirin\AppData\Local\Google
2011-07-19 06:06 . 2011-06-03 06:56 421888 ----a-w- c:\windows\system32\KernelBase.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-07 01:42 . 2010-06-24 00:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-04 11:43 . 2011-03-10 16:19 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-03-10 16:19 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-03-10 16:19 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-10 16:19 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-03-10 16:19 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-03-10 16:19 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-03-10 16:19 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-03-10 16:19 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-03-10 16:19 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-17 12:21 . 2011-05-16 02:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-19 06:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-01 11:21 . 2011-06-01 11:21 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-01 11:21 . 2011-06-01 11:21 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-01 11:21 . 2011-06-01 11:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-01 11:21 . 2011-06-01 11:21 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-01 11:21 . 2011-06-01 11:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-01 11:21 . 2011-06-01 11:21 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-01 11:21 . 2011-06-01 11:21 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-01 11:21 . 2011-06-01 11:21 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-01 11:21 . 2011-06-01 11:21 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-01 11:21 . 2011-06-01 11:21 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-01 11:21 . 2011-06-01 11:21 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-01 11:21 . 2011-06-01 11:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-01 11:21 . 2011-06-01 11:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-01 11:21 . 2011-06-01 11:21 448512 ----a-w- c:\windows\system32\html.iec
2011-06-01 11:21 . 2011-06-01 11:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-01 11:21 . 2011-06-01 11:21 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-01 11:21 . 2011-06-01 11:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-01 11:21 . 2011-06-01 11:21 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-01 11:21 . 2011-06-01 11:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-01 11:21 . 2011-06-01 11:21 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-01 11:21 . 2011-06-01 11:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-01 11:21 . 2011-06-01 11:21 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-01 11:21 . 2011-06-01 11:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-01 11:21 . 2011-06-01 11:21 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-01 11:21 . 2011-06-01 11:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-01 11:21 . 2011-06-01 11:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-01 11:21 . 2011-06-01 11:21 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-01 11:21 . 2011-06-01 11:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-01 11:21 . 2011-06-01 11:21 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-01 11:21 . 2011-06-01 11:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-01 11:21 . 2011-06-01 11:21 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-01 11:21 . 2011-06-01 11:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-01 11:21 . 2011-06-01 11:21 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-01 11:21 . 2011-06-01 11:21 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-01 11:21 . 2011-06-01 11:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-01 11:21 . 2011-06-01 11:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-30 13:42 . 2011-06-23 13:11 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-05-30 13:42 . 2011-06-23 13:11 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-28 12:26 . 2011-05-28 12:26 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-05-28 12:26 . 2011-05-28 12:26 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-05-24 11:42 . 2011-06-28 18:39 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-28 18:39 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-28 18:39 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-28 18:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-28 18:39 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-24 09:14 . 2011-03-10 07:48 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-23 09:52 . 2011-06-23 13:11 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2011-05-23 07:49 . 2011-06-23 13:11 173568 ----a-w- c:\windows\system32\xvid.ax
2011-05-23 07:46 . 2011-06-23 13:11 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-05-23 07:45 . 2011-06-23 13:11 696832 ----a-w- c:\windows\system32\xvidcore.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-29 399736]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Free Download Manager"="d:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Arctosa"="d:\program files\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"Name of App"="c:\program files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe" [2010-08-04 692317]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-7 100352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 1 (0x1)
"EnableLUA"= 1 (0x1)
"EnableSecureUIAPaths"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 1 (0x1)
"PromptOnSecureDesktop"= 1 (0x1)
"ValidateAdminCodeSignatures"= 0 (0x0)
"dontdisplaylastusername"= 0 (0x0)
"scforceoption"= 0 (0x0)
"shutdownwithoutlogon"= 1 (0x1)
"undockwithoutlogon"= 1 (0x1)
"FilterAdministratorToken"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDrives"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDrives"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-03-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-10 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-03-10 79360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-02 379496]
S2 TeamViewer6;TeamViewer 6;d:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-157572909-2806731198-1341399877-1000Core.job
- c:\users\Kirin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 08:03]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-157572909-2806731198-1341399877-1000UA.job
- c:\users\Kirin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 08:03]
.
2011-03-10 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files (x86)\Microsoft LifeCam\LifeExp.exe [2010-05-20 04:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2011-05-14 11:11 458952 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2011-05-14 11:11 458952 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2011-05-14 11:11 458952 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - d:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all with Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://d:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=3&q={searchTerms}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Kirin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Kirin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Kirin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-Steam - d:\program files\Steam\steam.exe
AddRemove-pcsx2-r4600 - d:\games\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
AddRemove-Steam App 440 - d:\program files\Steam\steam.exe
AddRemove-{8BCC552D-5E01-494A-B503-0915384F048C}_is1 - d:\games\CelinoSEA\unins000.exe
AddRemove-Dropbox - c:\users\Kirin\AppData\Roaming\Dropbox\bin\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-157572909-2806731198-1341399877-1000\Software\KISS\ォ0ケ0ソ0・・、0ノ03*D*]
"InstallPath"="d:\\Games\\KISS\\カスタムメイド3D"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ォ0ケ0ソ0・・、0ノ03*D*]
"DisplayName"="カスタムメイド3D"
"UninstallString"="d:\\Games\\KISS\\カスタムメイド3D\\Installer.exe /luninst1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
d:\program files\TeamViewer\Version6\TeamViewer.exe
d:\program files\TeamViewer\Version6\tv_w32.exe
.
**************************************************************************
.
Completion time: 2011-08-14 19:38:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-14 09:38
.
Pre-Run: 68,901,679,104 bytes free
Post-Run: 73,088,495,616 bytes free
.
- - End Of File - - 359714CDBB6F9E586CDB98DDFBF6DF66

Edited by Kirin, 14 August 2011 - 04:56 AM.


#9 gringo_pr


Posted 14 August 2011 - 05:11 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 Kirin


Posted 14 August 2011 - 05:23 AM

No reboot was required. Steam now doesn't work at all since ComboFix removed Steam.exe. DVD Drive still works for a while (Managed to install a game from a DVD), then randomly disappears from My Computer and Device Manager completely after a while.

TDSSKiller Log file:

2011/08/14 20:23:12.0214 5464 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/14 20:23:12.0924 5464 ================================================================================
2011/08/14 20:23:12.0924 5464 SystemInfo:
2011/08/14 20:23:12.0924 5464
2011/08/14 20:23:12.0924 5464 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/14 20:23:12.0924 5464 Product type: Workstation
2011/08/14 20:23:12.0924 5464 ComputerName: KIRINHUB
2011/08/14 20:23:12.0924 5464 UserName: Kirin
2011/08/14 20:23:12.0924 5464 Windows directory: C:\Windows
2011/08/14 20:23:12.0924 5464 System windows directory: C:\Windows
2011/08/14 20:23:12.0924 5464 Running under WOW64
2011/08/14 20:23:12.0924 5464 Processor architecture: Intel x64
2011/08/14 20:23:12.0924 5464 Number of processors: 8
2011/08/14 20:23:12.0924 5464 Page size: 0x1000
2011/08/14 20:23:12.0924 5464 Boot type: Normal boot
2011/08/14 20:23:12.0924 5464 ================================================================================
2011/08/14 20:23:13.0122 5464 Initialize success
2011/08/14 20:23:33.0332 4576 ================================================================================
2011/08/14 20:23:33.0332 4576 Scan started
2011/08/14 20:23:33.0332 4576 Mode: Manual;
2011/08/14 20:23:33.0332 4576 ================================================================================
2011/08/14 20:23:38.0218 4576 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/14 20:23:38.0249 4576 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/14 20:23:38.0280 4576 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/14 20:23:38.0311 4576 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/14 20:23:38.0343 4576 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/14 20:23:38.0374 4576 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/14 20:23:38.0405 4576 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/14 20:23:38.0436 4576 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/14 20:23:38.0467 4576 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/14 20:23:38.0499 4576 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/14 20:23:38.0545 4576 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/14 20:23:38.0592 4576 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/14 20:23:38.0623 4576 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/14 20:23:38.0639 4576 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/14 20:23:38.0670 4576 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/14 20:23:38.0701 4576 msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys
2011/08/14 20:23:38.0733 4576 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/14 20:23:38.0764 4576 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/14 20:23:38.0795 4576 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/14 20:23:38.0826 4576 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/14 20:23:38.0857 4576 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/14 20:23:38.0889 4576 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/14 20:23:38.0904 4576 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/14 20:23:38.0951 4576 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/14 20:23:38.0998 4576 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/14 20:23:39.0029 4576 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/14 20:23:39.0060 4576 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/14 20:23:39.0091 4576 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/14 20:23:39.0123 4576 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/14 20:23:39.0154 4576 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/14 20:23:39.0185 4576 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/14 20:23:39.0216 4576 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/14 20:23:39.0263 4576 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/14 20:23:39.0310 4576 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/14 20:23:39.0341 4576 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/14 20:23:39.0388 4576 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/14 20:23:39.0435 4576 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/08/14 20:23:39.0466 4576 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/14 20:23:39.0497 4576 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
2011/08/14 20:23:39.0669 4576 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/14 20:23:39.0793 4576 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/14 20:23:39.0825 4576 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/14 20:23:39.0856 4576 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/14 20:23:39.0903 4576 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/14 20:23:39.0934 4576 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/14 20:23:39.0965 4576 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/14 20:23:39.0996 4576 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/14 20:23:40.0027 4576 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/14 20:23:40.0059 4576 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/14 20:23:40.0090 4576 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/14 20:23:40.0121 4576 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/14 20:23:40.0199 4576 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
2011/08/14 20:23:40.0230 4576 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/14 20:23:40.0261 4576 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/14 20:23:40.0293 4576 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/14 20:23:40.0339 4576 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/14 20:23:40.0386 4576 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/14 20:23:40.0417 4576 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/14 20:23:40.0449 4576 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/14 20:23:40.0480 4576 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/14 20:23:40.0511 4576 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/14 20:23:40.0542 4576 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/14 20:23:40.0573 4576 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/14 20:23:40.0589 4576 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/14 20:23:40.0620 4576 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/14 20:23:40.0651 4576 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/14 20:23:40.0683 4576 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/08/14 20:23:40.0714 4576 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/14 20:23:40.0745 4576 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/14 20:23:40.0776 4576 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/08/14 20:23:40.0807 4576 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/14 20:23:40.0839 4576 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/14 20:23:40.0885 4576 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/14 20:23:40.0917 4576 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/08/14 20:23:40.0948 4576 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/08/14 20:23:40.0995 4576 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/14 20:23:41.0026 4576 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/14 20:23:41.0057 4576 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/14 20:23:41.0088 4576 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/14 20:23:41.0119 4576 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/14 20:23:41.0151 4576 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/14 20:23:41.0197 4576 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/14 20:23:41.0229 4576 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/14 20:23:41.0260 4576 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/14 20:23:41.0275 4576 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/14 20:23:41.0307 4576 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/14 20:23:41.0338 4576 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/14 20:23:41.0353 4576 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/14 20:23:41.0400 4576 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/14 20:23:41.0463 4576 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/14 20:23:41.0494 4576 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/14 20:23:41.0525 4576 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/14 20:23:41.0572 4576 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/14 20:23:41.0603 4576 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/14 20:23:41.0634 4576 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/08/14 20:23:41.0665 4576 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/14 20:23:41.0759 4576 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/14 20:23:41.0837 4576 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/14 20:23:41.0884 4576 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/14 20:23:41.0931 4576 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/14 20:23:41.0962 4576 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/14 20:23:41.0993 4576 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/14 20:23:42.0040 4576 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/14 20:23:42.0102 4576 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/14 20:23:42.0133 4576 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/14 20:23:42.0196 4576 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/14 20:23:42.0227 4576 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/14 20:23:42.0258 4576 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/14 20:23:42.0305 4576 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/14 20:23:42.0336 4576 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/14 20:23:42.0352 4576 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/14 20:23:42.0383 4576 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/08/14 20:23:42.0430 4576 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/08/14 20:23:42.0461 4576 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/14 20:23:42.0492 4576 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/14 20:23:42.0523 4576 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/08/14 20:23:42.0555 4576 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/14 20:23:42.0586 4576 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/08/14 20:23:42.0617 4576 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/14 20:23:42.0633 4576 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/14 20:23:42.0664 4576 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/14 20:23:42.0711 4576 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/08/14 20:23:42.0742 4576 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/08/14 20:23:42.0789 4576 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/14 20:23:42.0820 4576 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/14 20:23:42.0851 4576 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/14 20:23:42.0913 4576 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/14 20:23:42.0945 4576 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/14 20:23:42.0991 4576 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/08/14 20:23:43.0023 4576 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/14 20:23:43.0054 4576 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/14 20:23:43.0069 4576 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/14 20:23:43.0116 4576 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/14 20:23:43.0147 4576 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/14 20:23:43.0179 4576 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/14 20:23:43.0241 4576 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys
2011/08/14 20:23:43.0303 4576 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/14 20:23:43.0319 4576 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/14 20:23:43.0350 4576 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/14 20:23:43.0397 4576 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/14 20:23:43.0428 4576 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/14 20:23:43.0475 4576 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/14 20:23:43.0506 4576 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/14 20:23:43.0584 4576 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/08/14 20:23:43.0615 4576 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/14 20:23:43.0647 4576 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/14 20:23:43.0678 4576 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/14 20:23:43.0709 4576 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/14 20:23:43.0756 4576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/14 20:23:43.0771 4576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/08/14 20:23:43.0771 4576 Boot (0x1200) (165e67d692211ccd97ea6629b1493ce4) \Device\Harddisk0\DR0\Partition0
2011/08/14 20:23:43.0787 4576 Boot (0x1200) (7d50cfdb6c15d42b2e1e10292dac2b48) \Device\Harddisk0\DR0\Partition1
2011/08/14 20:23:43.0787 4576 Boot (0x1200) (a7ca890902653128e401481b9e96bedc) \Device\Harddisk1\DR1\Partition0
2011/08/14 20:23:43.0787 4576 ================================================================================
2011/08/14 20:23:43.0787 4576 Scan finished
2011/08/14 20:23:43.0787 4576 ================================================================================
2011/08/14 20:23:43.0803 4868 Detected object count: 0
2011/08/14 20:23:43.0803 4868 Actual detected object count: 0

Edited by Kirin, 14 August 2011 - 07:59 AM.


#11 gringo_pr

Posted 17 August 2011 - 10:34 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#12 Kirin

Posted 18 August 2011 - 08:50 AM

Crashes have reduced in number, although they still happen rarely.

aswMBR log:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-18 23:46:01
-----------------------------
23:46:01.058 OS Version: Windows x64 6.1.7601 Service Pack 1
23:46:01.058 Number of processors: 8 586 0x2A07
23:46:01.059 ComputerName: KIRINHUB UserName: Kirin
23:46:01.366 Initialize success
23:46:01.442 AVAST engine defs: 11081701
23:46:10.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:46:10.395 Disk 0 Vendor: KINGSTON_SV100S2128G D100811a Size: 122104MB BusType: 3
23:46:10.400 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
23:46:10.404 Disk 1 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
23:46:10.409 Disk 0 MBR read successfully
23:46:10.413 Disk 0 MBR scan
23:46:10.417 Disk 0 Windows 7 default MBR code
23:46:10.422 Service scanning
23:46:11.632 Modules scanning
23:46:11.637 Disk 0 trace - called modules:
23:46:11.644 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:46:12.016 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007227790]
23:46:12.023 3 CLASSPNP.SYS[fffff880019a643f] -> nt!IofCallDriver -> [0xfffffa8006d16520]
23:46:12.028 5 ACPI.sys[fffff88000ebf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006cf1060]
23:46:12.192 AVAST engine scan C:\Windows
23:46:12.648 AVAST engine scan C:\Windows\system32
23:46:30.231 AVAST engine scan C:\Windows\system32\drivers
23:46:31.890 AVAST engine scan C:\Users\Kirin
23:48:20.461 AVAST engine scan C:\ProgramData
23:48:32.444 Scan finished successfully
23:49:17.966 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\MBR.dat"
23:49:17.970 The log file has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\aswMBR.txt"

#13 gringo_pr

Posted 18 August 2011 - 12:52 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#14 Kirin

Posted 19 August 2011 - 03:42 AM

Had one crash since the last posting. DVD Drive still doesn't show up in My Computer sometimes.

Contents of OTL.txt:

OTL logfile created on: 19/08/2011 6:18:06 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Kirin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 58.94% Memory free
15.96 Gb Paging File | 12.35 Gb Available in Paging File | 77.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 66.56 Gb Free Space | 55.87% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 293.25 Gb Free Space | 31.48% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 76.94 Gb Free Space | 8.26% Space Free | Partition Type: FAT32

Computer Name: KIRINHUB | User Name: Kirin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kirin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Users\Kirin\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
PRC - C:\Users\Kirin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - D:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - D:\Program Files\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}\components\RadioWMPCoreGecko6.dll ()
MOD - C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll ()
MOD - C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll ()
MOD - C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detoured.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - D:\Program Files\Combined Community Codec Pack\Filters\Haali\mp4.dll ()
MOD - D:\Program Files\Combined Community Codec Pack\Filters\Haali\mkzlib.dll ()
MOD - D:\Program Files\Combined Community Codec Pack\Filters\Haali\mkunicode.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - D:\Program Files\Free Download Manager\iefdm2.dll ()
MOD - D:\Program Files\Free Download Manager\FUM\fumcore.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (Mkd3kfNt) -- C:\Windows\SysNative\drivers\mkd3kfnt.sys (AhnLab, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (msloop) -- C:\Windows\SysNative\drivers\loop.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Mkd2Nadr) -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-157572909-2806731198-1341399877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-157572909-2806731198-1341399877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-157572909-2806731198-1341399877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 48 B7 AE 0B 0D CC 01 [binary data]
IE - HKU\S-1-5-21-157572909-2806731198-1341399877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-157572909-2806731198-1341399877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ClixSense.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kirin\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kirin\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/17 17:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/17 17:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/17 17:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/08 11:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Extensions
[2011/08/18 17:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions
[2011/06/28 16:45:39 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2011/06/27 05:35:20 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/06/04 04:25:21 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/06/10 01:12:53 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/08/01 17:11:45 | 000,000,000 | ---D | M] (ClixSense.com Community Toolbar) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}
[2011/07/09 20:47:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/02 16:48:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/30 13:32:23 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/07/19 16:52:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\foxmarks@kei.com
[2011/06/28 16:56:10 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\rikaichan-jpen@polarcloud.com
[2011/06/28 16:56:06 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\rikaichan-jpnames@polarcloud.com
[2011/06/13 23:51:04 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\screencaptureelite@plugin
[2011/08/19 17:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\staged
[2011/06/23 06:14:42 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\support@lastpass.com
[2011/07/28 07:58:31 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\extensions\TooManyTabs@visibotech.com
[2011/05/23 13:40:39 | 000,000,456 | ---- | M] () -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\searchplugins\demonoid.xml
[2011/05/08 11:48:49 | 000,001,666 | ---- | M] () -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\searchplugins\firefox-addons.xml
[2011/06/11 22:10:54 | 000,001,098 | ---- | M] () -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\searchplugins\gamefaqs.xml
[2011/05/08 11:49:07 | 000,001,512 | ---- | M] () -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\searchplugins\tvtropes.xml
[2011/05/08 11:51:53 | 000,000,988 | ---- | M] () -- C:\Users\Kirin\AppData\Roaming\Mozilla\Firefox\Profiles\f0xvjjtg.default\searchplugins\youtube.xml
[2011/07/07 00:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\{76CD4188-5046-11DC-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\{C2D0E930-64DE-11DB-BD13-0800200C9A66}.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\COMPACTMENUCE@MERCI.CHAO.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\MYTUBE@ASHISHMISHRA.IN.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\OMNIBAR@AJITK.COM.XPI
() (No name found) -- C:\USERS\KIRIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0XVJJTG.DEFAULT\EXTENSIONS\OPENINBROWSER@WWW.SPASCHE.NET.XPI
[2011/08/17 17:52:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/14 19:32:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Arctosa] D:\Program Files\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-157572909-2806731198-1341399877-1000..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-21-157572909-2806731198-1341399877-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-157572909-2806731198-1341399877-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-157572909-2806731198-1341399877-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-157572909-2806731198-1341399877-1002..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Kirin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kirin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-157572909-2806731198-1341399877-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-157572909-2806731198-1341399877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-157572909-2806731198-1341399877-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Download all with Free Download Manager - D:\Program Files\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - D:\Program Files\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - D:\Program Files\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - D:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - D:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - D:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - D:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - D:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2097/08/07 11:36:19 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{BE3FADD6-8FFF-4EF6-A28B-E633F1717510}
[2011/08/19 18:16:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Kirin\Desktop\OTL.exe
[2011/08/19 14:06:47 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{C5D47999-3720-4F85-B229-68B1DB56C302}
[2011/08/19 14:06:38 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{76475EEB-85A5-4DF1-A5A6-6242BCFEE76D}
[2011/08/19 14:06:28 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{FD4812D9-7554-46FA-819C-EF1C4B3C6B65}
[2011/08/19 14:06:07 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{DF76ACD0-9E1F-4AAA-B5A0-5918BD568F91}
[2011/08/19 02:05:56 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{5DA790FC-EE11-4E0A-8407-648D0CFB46AF}
[2011/08/19 02:05:46 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{FD36EBCB-777D-4E76-9BD8-781DD2B04163}
[2011/08/19 02:05:34 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{695AE7CA-5237-4A55-ACC4-EC4ED45A5E9B}
[2011/08/19 02:05:10 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{5B8B9FA0-B60F-482F-88CF-5F80A633E451}
[2011/08/18 21:13:51 | 000,000,000 | ---D | C] -- C:\Users\Kirin\Desktop\iji_yyg
[2011/08/18 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{E48088AB-5290-4133-9820-5C0B51B4ED4E}
[2011/08/18 14:04:49 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{63F8C767-0E21-4261-9555-3DFF96C8A809}
[2011/08/18 14:04:39 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{9B565AB0-D2FC-4D48-BF09-B0E5F722BDF7}
[2011/08/18 14:04:17 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{F2E65558-DFC6-4696-9711-831FB4122442}
[2011/08/18 02:04:04 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{AF5E9BA0-7891-462D-B776-ECD22BF1FC72}
[2011/08/18 02:03:54 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{FFD9D096-4D07-46B5-ACE0-39BD8BEC5758}
[2011/08/18 02:03:44 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{82EAA386-3939-4F62-92CD-CFF98286EA12}
[2011/08/18 02:03:21 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{444CA2BF-CFFB-4BBB-A18B-C795D32D4DF5}
[2011/08/17 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{24A4F7EC-30AB-4B19-A3DC-52A8C8914F91}
[2011/08/17 14:03:01 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{47DF563E-9B1B-4D65-A0B2-944835D57AE6}
[2011/08/17 14:02:50 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{E9C9719B-C397-4D62-9537-40EE2EF76F7A}
[2011/08/17 14:02:28 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{7FED3339-B38A-431E-9613-B4B0C5CBE542}
[2011/08/17 02:02:04 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6A24A943-F4E9-4C30-B485-EDAB75C5D94D}
[2011/08/17 02:01:52 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{7BA00E95-62D4-489C-A058-40654D7EEBAD}
[2011/08/17 02:01:40 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6079AEC4-D945-45CD-AA78-12AB3610D69E}
[2011/08/17 02:01:17 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{0C1966B2-5DA4-4E0C-A0CB-3CB05C38AF2D}
[2011/08/16 14:00:52 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{ED499359-1D0A-4DF9-8192-4BB39F7C795B}
[2011/08/16 14:00:42 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{BFF39581-DFD2-49D7-B4F5-D83ED159C81D}
[2011/08/16 14:00:29 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{C098556B-139B-4207-8546-8B5FDB963979}
[2011/08/16 01:59:52 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{46C7DCF9-7D67-4242-83C5-9ACE9E695125}
[2011/08/16 01:59:41 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{44CB94BA-3402-4BED-872D-58D3B8158B8D}
[2011/08/16 01:59:28 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{61F84A1B-DEF7-4B5D-B2A1-C1938C0D03F8}
[2011/08/16 01:59:03 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{94720822-726C-4994-A1AB-E7B68B56B615}
[2011/08/15 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{C14BD8F2-8167-4B4E-8A17-F7545C9B82AC}
[2011/08/15 13:58:29 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{63904405-556A-4781-A51A-40BF47694369}
[2011/08/15 13:57:51 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{06ADB564-3354-4B08-996A-895748A57DB9}
[2011/08/15 01:57:38 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{D6081EE5-416C-49BF-BAA4-D646EFEE1D91}
[2011/08/15 01:57:28 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{4F38236D-55C7-41CE-B7D4-F2B520076141}
[2011/08/15 01:57:16 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6859658D-169C-4E0A-91F2-B621E006888A}
[2011/08/15 01:56:50 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{968D2F7D-2417-4007-8008-0B1AC7C476E2}
[2011/08/14 22:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kirin\Desktop\Call of Pripyat Mods
[2011/08/14 20:21:27 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/08/14 20:21:27 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/08/14 20:21:27 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/08/14 20:21:27 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/08/14 20:21:27 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/08/14 20:21:25 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/08/14 20:21:25 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/08/14 20:21:25 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/08/14 20:21:25 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/08/14 20:21:24 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/08/14 20:21:23 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/08/14 20:21:23 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/08/14 20:21:22 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/08/14 20:21:22 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/08/14 20:21:22 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/08/14 20:21:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/08/14 20:21:22 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/08/14 20:21:22 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/08/14 20:21:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/08/14 20:21:21 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/08/14 20:21:21 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/08/14 20:21:20 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/08/14 20:21:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/08/14 20:21:20 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/08/14 20:21:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/08/14 20:21:19 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/08/14 20:21:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/08/14 20:21:19 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/08/14 20:21:19 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/08/14 20:21:19 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/08/14 20:21:19 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/08/14 20:21:18 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/08/14 20:21:18 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/08/14 20:21:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/08/14 20:21:18 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/08/14 20:21:18 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/08/14 20:21:18 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/08/14 20:21:18 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/08/14 20:21:18 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/08/14 20:21:18 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/08/14 20:21:18 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/08/14 20:21:16 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/08/14 20:21:16 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/08/14 20:21:16 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/08/14 20:21:16 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/08/14 20:21:16 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/08/14 20:21:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/08/14 20:21:15 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/08/14 20:21:15 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/08/14 20:21:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/08/14 20:21:15 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/08/14 20:21:15 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/08/14 20:21:15 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/08/14 20:21:13 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/08/14 20:21:13 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/08/14 20:21:12 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/08/14 20:21:12 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/08/14 20:21:12 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/08/14 20:21:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/08/14 20:21:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/08/14 20:21:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/08/14 20:21:11 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/08/14 20:21:11 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/08/14 20:21:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/08/14 20:21:11 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/08/14 20:21:11 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/08/14 20:21:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/08/14 20:21:10 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/08/14 20:21:10 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/08/14 20:21:10 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/08/14 20:21:10 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/08/14 20:21:10 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/08/14 20:21:10 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/08/14 20:21:09 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/08/14 20:21:09 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/08/14 20:21:08 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/08/14 20:21:08 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/08/14 20:21:08 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/08/14 20:21:08 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/08/14 20:21:07 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/08/14 20:21:07 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/08/14 20:21:07 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/08/14 20:21:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/08/14 20:21:07 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/08/14 20:21:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/08/14 20:21:07 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/08/14 20:21:07 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/08/14 20:21:06 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/08/14 20:21:06 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/08/14 20:21:06 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/08/14 20:21:06 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/08/14 20:21:06 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/08/14 20:21:06 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/08/14 20:21:06 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/08/14 20:21:06 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/08/14 20:21:06 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/08/14 20:21:06 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/08/14 20:21:05 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/08/14 20:21:05 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/08/14 20:21:05 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/08/14 20:21:05 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/08/14 20:21:05 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/08/14 20:21:04 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/08/14 20:21:04 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/08/14 20:21:04 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/08/14 20:21:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/08/14 20:21:04 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/08/14 20:21:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/08/14 20:21:04 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/08/14 20:21:04 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/08/14 20:21:03 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/08/14 20:21:03 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/08/14 20:21:03 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/08/14 20:21:03 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/08/14 20:21:03 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/08/14 20:21:03 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/08/14 20:21:03 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/08/14 20:21:03 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/08/14 20:21:02 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/08/14 20:21:02 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/08/14 20:21:02 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/08/14 20:21:02 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/08/14 20:21:02 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/08/14 20:21:02 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/08/14 20:21:02 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/08/14 20:21:02 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/08/14 20:21:01 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/08/14 20:21:01 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/08/14 20:21:01 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/08/14 20:21:01 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/08/14 20:20:58 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/08/14 20:20:58 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/08/14 20:20:58 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/08/14 20:20:58 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/08/14 20:20:58 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/08/14 20:20:58 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/08/14 20:20:56 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/08/14 20:20:56 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/08/14 20:20:55 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/08/14 20:20:55 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/08/14 20:20:54 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/08/14 20:20:54 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/08/14 20:20:54 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/08/14 20:20:54 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/08/14 20:20:53 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/08/14 20:20:53 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/08/14 20:20:52 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/08/14 20:20:52 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/08/14 20:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bitComposer Games
[2011/08/14 20:18:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\S.T.A.L.K.E.R. - Call of Pripyat
[2011/08/14 19:46:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/14 19:13:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/14 19:05:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/14 19:05:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/14 19:05:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/14 19:05:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/14 19:05:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/14 19:03:07 | 004,171,976 | R--- | C] (Swearware) -- C:\Users\Kirin\Desktop\ComboFix.exe
[2011/08/14 18:03:07 | 000,000,000 | ---D | C] -- C:\Users\Kirin\Desktop\eBooks
[2011/08/14 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{DB0E0993-9D6F-426D-A475-F5A5F04DD404}
[2011/08/14 13:56:17 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{8988F9BB-C2DB-413E-A4E6-93715DED2F8E}
[2011/08/14 13:56:07 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{F1400B6D-D671-4F86-BAB8-991BCCA327BE}
[2011/08/14 13:55:45 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{AE2C0F37-1178-4FD1-BA6B-DC4FBB7C46B3}
[2011/08/14 01:55:33 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{EB57ED85-76C7-471A-ADEC-1670D3D729FA}
[2011/08/14 01:55:23 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{DDAF6556-12A2-45F7-8BE4-33C1A5D0F738}
[2011/08/14 01:55:08 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{1FFC172F-20DB-45C3-B3B9-6BDBE9ECF1FD}
[2011/08/14 01:54:46 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{51482B75-4621-45BB-9475-25AE251C935B}
[2011/08/13 23:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SAMSUNG
[2011/08/13 23:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODD Firmware LiveUpdate
[2011/08/13 19:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/08/13 19:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/08/13 19:12:27 | 006,136,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/08/13 19:12:27 | 003,021,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/08/13 19:12:27 | 000,836,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/08/13 19:12:27 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/08/13 19:12:27 | 000,061,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/08/13 19:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/08/13 19:11:22 | 024,692,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/08/13 19:11:22 | 022,470,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/08/13 19:11:22 | 017,193,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/08/13 19:11:22 | 016,595,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/08/13 19:11:22 | 015,064,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/08/13 19:11:22 | 012,636,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/08/13 19:11:22 | 008,355,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/08/13 19:11:22 | 007,254,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/08/13 19:11:22 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/08/13 19:11:22 | 005,404,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/08/13 19:11:22 | 002,758,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/08/13 19:11:22 | 002,532,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/08/13 19:11:22 | 002,412,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/08/13 19:11:22 | 002,391,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/08/13 19:11:22 | 002,222,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/08/13 19:11:22 | 002,090,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/08/13 19:11:22 | 001,519,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/08/13 19:11:22 | 001,453,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/08/13 19:11:22 | 001,426,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco642040.dll
[2011/08/13 19:11:22 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/08/13 19:11:22 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/08/13 19:11:22 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/08/13 19:11:22 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/08/13 13:54:22 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{A262FA8E-41BB-4BE6-A2F9-ED3169ADC69D}
[2011/08/13 13:54:12 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{C560C087-21CE-4E4C-8FB5-C7C91F603C7E}
[2011/08/13 13:53:59 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{91382F85-2B91-4596-B82E-B12F9A46BD2A}
[2011/08/13 00:33:47 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{84CDEE09-B62F-47D3-A3D2-AA18621D99B2}
[2011/08/13 00:33:26 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{2A2ACA00-25BD-482A-B490-3696B7E3C8E8}
[2011/08/12 19:00:42 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{928BDF50-D907-43BA-85EE-A57B082D7ABB}
[2011/08/12 19:00:32 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6063858C-ECB8-423E-9EE6-61E891392BBB}
[2011/08/12 07:00:20 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{807204E6-4895-4445-B3BD-8F9E7A8F84E6}
[2011/08/12 07:00:10 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{C1E0741F-E617-4262-B9E0-98A9DD91C361}
[2011/08/12 06:59:56 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6533A21A-31A1-428C-884D-760C82658B12}
[2011/08/11 23:30:25 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/11 23:30:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/11 23:30:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/11 23:30:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/11 23:30:23 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/11 23:30:23 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/11 23:30:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/11 23:30:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/11 23:30:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/11 17:26:23 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{AFC0E8CB-292F-4DFA-8715-A1189A8F80D8}
[2011/08/11 17:26:14 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{B3DDAB94-A7D6-484F-967E-C27B6C1806E2}
[2011/08/11 17:26:04 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6713105D-8589-455C-9E4F-30ED4BF8CBE9}
[2011/08/11 13:31:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/11 01:47:41 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{AA27A4D9-E7D8-42F8-81DC-176D7162064D}
[2011/08/11 01:47:32 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{05D5C27D-B83B-4020-804B-195AC0B1D58C}
[2011/08/11 01:47:22 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{D0168B01-E385-4764-84FB-70371801771B}
[2011/08/11 01:47:00 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{AF7364E2-6BBB-4F40-9338-889994B4EBBC}
[2011/08/10 13:46:49 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{302EA443-A024-43E6-965A-0E1D27828D5B}
[2011/08/10 13:46:40 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{CB5F36FE-ED31-4F08-AF0A-84BDFAF00279}
[2011/08/10 13:46:29 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{9647D98B-6C59-4E86-8CF1-8634BE50B7E0}
[2011/08/10 13:46:19 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{05324B30-81FC-424B-A200-E6F35642FE77}
[2011/08/09 22:11:11 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{B631D9E2-6217-4820-B3FF-B2A3B29DBD71}
[2011/08/09 22:11:01 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{3B700986-B152-4374-B896-334AB6CE5B4E}
[2011/08/09 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{8CFC822E-7B65-4D97-A2A4-E174F1D6017F}
[2011/08/09 10:10:19 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{061AB62D-7827-4201-AB5B-16213FAF54FA}
[2011/08/09 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{000D5B42-1F75-4AFF-9ADF-28928DEF616E}
[2011/08/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{BB35B4FC-BEBE-4CEA-A065-428B36C8231D}
[2011/08/09 10:09:40 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{ED456180-E63B-4331-8A70-5155700552B2}
[2011/08/08 16:46:52 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{4725E901-A6C8-4493-A2A3-0459AF52E6FB}
[2011/08/08 16:46:42 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{C4589D66-A009-4C1D-849A-238606AC6A57}
[2011/08/08 16:46:32 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{9A84E823-3843-4625-95C3-4866D232ED84}
[2011/08/07 23:46:15 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{E5CAFD5A-B064-40F2-A78D-33A6CBB6A605}
[2011/08/07 23:46:05 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{A19788C0-F0E2-4D0A-9335-AF0534646966}
[2011/08/07 23:45:54 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{E59ABB90-7C33-4F59-AF27-7B77BFE8A0CD}
[2011/08/07 23:45:43 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{71AB4AB0-2A88-4EB1-BC07-439BC6AB20CA}
[2011/08/07 11:45:31 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6212F798-E360-4DE5-B891-3FC0FA9117F9}
[2011/08/07 11:45:21 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{0206CB47-77B4-4B1F-93AF-3A81CC68EA83}
[2011/08/07 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{549734DA-7725-4ADB-B998-85F9D1E30DE8}
[2011/08/07 11:43:07 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/07 11:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/07 11:40:40 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{79B8DC82-5589-4591-9A80-F9D933C1A9B4}
[2011/08/07 11:40:30 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{34D67E03-C81A-40E6-A8D2-C726454E2355}
[2011/08/07 00:13:57 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{45764636-8DB7-4228-9401-37A99845BF78}
[2011/08/07 00:13:46 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{9E428E28-9034-448D-B602-F954CFC1E407}
[2011/08/06 12:14:02 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{C6CBA160-406E-49C4-BC01-061F73385B7D}
[2011/08/06 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{F713077D-ABC0-488B-AC70-2FF73CD57BCD}
[2011/08/06 12:13:42 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6B4B54EE-9647-4BEB-9CBF-3F7E7C6896E4}
[2011/08/06 12:13:32 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{3271AC4E-9611-4651-924C-6A561B6E15B5}
[2011/08/06 00:52:31 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{D8BE531E-E90F-4208-96B8-117A0C24232F}
[2011/08/06 00:52:21 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{25D66EF7-D719-49F9-9F87-54ACA2A5A792}
[2011/08/05 12:52:26 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{4768E79B-57F1-41B2-B13D-4A26A46B150F}
[2011/08/05 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{435DC91A-B7B4-401F-873D-A0D6B313659D}
[2011/08/04 20:04:30 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{0DCDE8D2-CE99-4B15-9928-1C1EFDBFE8C6}
[2011/08/03 20:03:34 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{4198B5E6-8DE4-4D94-8F48-71A8351E8950}
[2011/08/03 08:02:59 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{3500C696-76A9-49BF-AC91-D522EBF0FD12}
[2011/08/02 20:02:37 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{6BD57DF2-46A8-4061-A368-A99311D4E3DC}
[2011/08/02 08:02:02 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{0AD67CD6-4F00-4702-81B8-F2236B32DAE6}
[2011/08/01 20:01:39 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{012EC496-3CC2-42D5-86D9-B60B3A6E735A}
[2011/08/01 08:01:16 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{8293A3E0-11FF-423C-B16C-CED489787681}
[2011/07/30 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{B120AE98-A73F-4E27-B4FF-7098F959EFA7}
[2011/07/29 14:28:41 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{FA5C9E96-B361-4DB7-A11A-F18A5E8B3DEB}
[2011/07/28 17:14:58 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{82565674-21CF-48D5-9FC6-60F6A1D7A60C}
[2011/07/28 05:14:23 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{2F1445CD-859C-43C7-9F7A-9BB429F3C3CE}
[2011/07/27 17:14:01 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{82708CD5-D981-4FCB-8533-FE6617B91503}
[2011/07/27 05:13:19 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{B9DF54D4-326F-44E7-843A-76A9B20AC391}
[2011/07/26 17:12:28 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{8E4880EF-BD17-41DB-8025-5CDF71EA0BEE}
[2011/07/26 17:12:06 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{2C843F9A-2DD0-4B08-9778-B217B14E3D37}
[2011/07/26 05:11:11 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{95ED9F1B-DD1B-420C-9A15-35FA0C7BA5A7}
[2011/07/26 05:11:01 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{0DB28118-AAFD-48CA-962E-594DBB504FFD}
[2011/07/25 19:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Sync Manager WiFi
[2011/07/25 17:10:49 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{0C1C6B66-B91F-431F-B5C3-9E5F1664B6A6}
[2011/07/25 17:10:29 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{207569DA-EB26-4D48-89B3-160178F12860}
[2011/07/24 23:20:57 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{2B46B2B5-7142-40E6-8BB6-FC5DB286FD00}
[2011/07/24 23:20:47 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{CD83D473-AF3B-4BCA-B4DD-F0B5F5FBD632}
[2011/07/24 04:10:20 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{62D92E8C-BA4D-433A-948F-4C2858F309B3}
[2011/07/24 04:09:59 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{86341DF1-A811-46E0-B9B7-48E9505BD40A}
[2011/07/23 21:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/23 16:09:16 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{BAF7F2BA-9727-4242-A178-5F768D7C9F27}
[2011/07/23 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{CCB4F52F-7599-4377-B828-FB6E1B751CF9}
[2011/07/23 04:08:22 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{E55D0D12-A069-4920-B500-00B66C09BE78}
[2011/07/23 04:08:12 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{96E07794-8282-48F8-8D95-A67228B0263C}
[2011/07/22 16:07:43 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{4C448FD3-6BD1-4B5F-ADBE-7618938FA958}
[2011/07/22 16:07:21 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{28680FA5-D965-4FA7-8F71-A2975F30C435}
[2011/07/22 04:06:38 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{3810ED49-502C-45A4-A024-8635DD699DAE}
[2011/07/22 04:06:16 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{F31F6F8C-56C4-4354-A0D7-9A198E7E7AC1}
[2011/07/21 16:05:34 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{B0FE0E37-FC62-4860-928F-A158F8F23761}
[2011/07/21 16:05:13 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{E6A51437-AC15-4C59-AE56-F6DADE74DB7A}
[2011/07/21 04:04:42 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{546FE39B-6604-4BE5-B3BF-CBA4B50A9B7F}
[2011/07/21 04:04:20 | 000,000,000 | ---D | C] -- C:\Users\Kirin\AppData\Local\{706CFC00-1F54-4341-85E7-DEC990B2D2BD}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/19 18:16:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Kirin\Desktop\OTL.exe
[2011/08/19 18:13:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-157572909-2806731198-1341399877-1000UA.job
[2011/08/19 03:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-157572909-2806731198-1341399877-1000Core.job
[2011/08/17 15:19:26 | 001,813,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/17 15:19:26 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/17 15:19:26 | 000,415,714 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2011/08/17 15:19:26 | 000,392,010 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011/08/17 15:19:26 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2011/08/17 15:19:26 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/17 15:19:26 | 000,114,028 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011/08/17 12:14:29 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 12:14:29 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 12:11:07 | 000,000,450 | ---- | M] () -- C:\Users\Kirin\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011/08/17 12:07:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

< End of report >

Edit: Just for notification. Computer just auto-rebooted itself while playing Mass Effect.

Edit: Another crash, this time while playing Prototype. Computer just froze with static coming out of the speakers. Hard reboot via tower button.

Computer seems to crash while under stress. Having a Skype call, Mozilla Firefox and a game running together seems to be the main culprit.

Explorer settings seem to have reset some time ago, not sure exactly when. Hidden files and folders should be shown but aren't, and the same goes for file extensions. Edited the settings manually (Tools > Folder Options > View Tab).

Edited by Kirin, 19 August 2011 - 05:58 AM.


#15 gringo_pr

Posted 20 August 2011 - 12:20 PM

Hello


It is not looking like it is malware related; maybe hardware, could be Windows, but it sounds like hardware. I am going to continue with the cleanup, but I don't think it will find anything.


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


