Infected with possible rootkit, Google Chrome redirects along with advertisements


  • This topic is locked
25 replies to this topic

#1 Delphy

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:28 PM

Posted 17 May 2012 - 10:31 PM

Google Chrome has been consistently redirecting me at various links, along with ads that appear near the bottom of my screen. Ads include yellowbook, searchfinder and many others.
Thank you very much for taking a look at this problem.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by General at 22:23:06 on 2012-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.6049.3879 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\notepad.exe
C:\Users\General\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\General\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\General\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\General\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\General\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\General\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\General\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\General\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-2269P.exe" /REG /REGSVRMODE
StartupFolder: C:\Users\General\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8FCF8247-614A-49C7-BF06-1CF3AADF3B91} : DhcpNameServer = 128.8.76.2 128.8.74.2
TCP: Interfaces\{A6772663-2119-4135-A90E-8BB86DC7CD18} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A6772663-2119-4135-A90E-8BB86DC7CD18}\130383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A6772663-2119-4135-A90E-8BB86DC7CD18}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{A6772663-2119-4135-A90E-8BB86DC7CD18}\57D646D2375636572756 : DhcpNameServer = 128.8.76.2 128.8.74.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [InnoSetupRegFile.0000000001] "C:\Windows\is-2269P.exe" /REG /REGSVRMODE
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 DMAgent;IntelR PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-4 652360]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-6 2656280]
R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
R2 WiMAXAppSrv;IntelR PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-18 02:09:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16A1FC41-0A06-4032-81FB-A3C3F7D8B784}\offreg.dll
2012-05-18 02:00:05 711240 ----a-w- C:\Windows\is-2269P.exe
2012-05-15 17:22:09 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16A1FC41-0A06-4032-81FB-A3C3F7D8B784}\mpengine.dll
2012-05-03 16:43:51 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-02 21:53:31 -------- d-----w- C:\Users\General\AppData\Local\SniperV2 Demo
2012-04-23 07:13:18 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-04-23 07:12:45 -------- d-----w- C:\Users\General\AppData\Roaming\uTorrent
2012-04-22 18:17:33 98816 ----a-w- C:\Windows\sed.exe
2012-04-22 18:17:33 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-22 18:17:33 256000 ----a-w- C:\Windows\PEV.exe
2012-04-22 18:17:33 208896 ----a-w- C:\Windows\MBR.exe
2012-04-22 18:12:17 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-05-13 23:15:55 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-05-03 16:43:30 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 22:23:22.81 ===============

Attached Files
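The DDS log above ends with hosts-file entries that send www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com to two external addresses, and its mPolicies-system lines (the HKLM Policies\System values) show UAC switched off. As an added example that is not part of the original post or of the DDS tool, the following Python script parses those two line types from a DDS Pseudo HJT report and flags hosts entries that point a name at anything other than a loopback or unspecified address, names mapped to more than one address, and UAC-weakening policy values. The sample lines reproduce the log's own entries plus one constructed benign 127.0.0.1 entry for contrast; the Finding/analyse/summarise names are this example's own.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Sample DDS "Pseudo HJT Report" lines, constructed for this example. The
# Hosts: and mPolicies-system: lines reproduce the entries from the log above;
# the final 127.0.0.1 line is a benign blocklist-style entry added for contrast.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 ads.example.invalid.
"""

# DDS prints each hosts entry as "Hosts: <address> <name>." with a trailing dot.
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+?)\.?$")
# DDS prints Policies\System values as "mPolicies-system: <name> = <dec> (<hex>)".
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")

# Policies\System values whose listed setting weakens or disables UAC.
UAC_WEAK_VALUES = {
    "EnableLUA": 0,                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 0,  # administrators elevate without any prompt
    "PromptOnSecureDesktop": 0,       # prompts not isolated on the secure desktop
}


@dataclass(frozen=True)
class Finding:
    kind: str    # "hosts-redirect", "hosts-duplicate" or "uac-weakened"
    detail: str


def is_sinkhole_address(ip: str) -> bool:
    """Blocklists neutralise a name by pointing it at loopback or 0.0.0.0;
    any other address in a hosts file sends that name's traffic to a real host."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def analyse(log: str) -> list[Finding]:
    """Walk a DDS log and return the hosts-file and UAC-policy findings."""
    findings: list[Finding] = []
    addresses_by_name: dict[str, set[str]] = {}
    for line in log.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            addresses_by_name.setdefault(name, set()).add(ip)
            if not is_sinkhole_address(ip):
                findings.append(Finding("hosts-redirect", f"{name} -> {ip}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            key, value = m.group(1), int(m.group(2))
            if UAC_WEAK_VALUES.get(key) == value:
                findings.append(Finding("uac-weakened", f"{key} = {value}"))
    # One name mapped to several addresses is a further hijack indicator:
    # a legitimate hosts file resolves each name exactly once.
    for name, ips in sorted(addresses_by_name.items()):
        if len(ips) > 1:
            findings.append(Finding("hosts-duplicate", f"{name} -> {sorted(ips)}"))
    return findings


def summarise(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, for a quick triage view."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = analyse(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.detail}")
    print(summarise(results))
```

The same two regexes can be pointed at a full DDS.txt to pull out just these indicators before reading the rest of the report.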





#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:28 PM

Posted 18 May 2012 - 12:12 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Delphy (Topic Starter)

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:28 PM

Posted 18 May 2012 - 02:34 PM

Here is the combofix log

ComboFix 12-05-18.03 - General 8/2012 Fri 15:17:34.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.6049.3880 [GMT -4:00]
Running from: c:\users\General\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 19:25 . 2012-05-18 19:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-18 19:25 . 2012-05-18 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-18 17:01 . 2012-05-18 17:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C05552EB-1163-49A8-86C8-AEA903208187}\offreg.dll
2012-05-18 16:56 . 2012-05-18 19:10 -------- d-----w- c:\program files (x86)\Bucksbee Loyalty Plugin - Guppy Media
2012-05-18 16:11 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C05552EB-1163-49A8-86C8-AEA903208187}\mpengine.dll
2012-05-18 02:00 . 2012-05-18 02:00 711240 ----a-w- c:\windows\is-2269P.exe
2012-05-14 14:02 . 2012-05-14 14:02 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-14 14:02 . 2012-05-14 14:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-03 16:43 . 2012-05-03 16:43 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 21:53 . 2012-05-02 21:54 -------- d-----w- c:\users\General\AppData\Local\SniperV2 Demo
2012-04-23 07:13 . 2012-05-10 20:21 -------- d-----w- c:\program files (x86)\uTorrent
2012-04-23 07:12 . 2012-05-07 15:26 -------- d-----w- c:\users\General\AppData\Roaming\uTorrent
2012-04-22 18:12 . 2012-04-22 18:12 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 23:21 . 2011-08-28 23:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-13 23:15 . 2011-07-05 08:45 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-03 16:43 . 2011-07-11 01:42 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2011-07-05 08:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 06:46 . 2012-04-11 07:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 07:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 07:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 07:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 07:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 07:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 07:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 07:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 14:18 . 2011-07-05 09:04 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[-] 2009-07-14 . 2A0FB672A494B2D598247939C6F66E49 . 2868224 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-05-18_02.12.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-04 15:12 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-18 16:56 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-04 15:12 8896512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-18 16:56 8896512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-18 16:56 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-04 15:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-08-13 107000]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-05-10 38704]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-24 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"InnoSetupRegFile.0000000001"="c:\windows\is-2269P.exe" [2012-05-18 711240]
.
c:\users\General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-7-6 12862]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\General\AppData\Local\Temp\00527BA.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 DMAgent;IntelR PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
S2 WiMAXAppSrv;IntelR PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 78513073
*Deregistered* - 78513073
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-620895711-2084235608-2404906526-1000Core.job
- c:\users\General\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 08:58]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-620895711-2084235608-2404906526-1000UA.job
- c:\users\General\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 08:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\General\AppData\Local\Temp\00527BA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-18 15:27:28
ComboFix-quarantined-files.txt 2012-05-18 19:27
ComboFix2.txt 2012-05-18 02:15
ComboFix3.txt 2012-05-04 23:51
ComboFix4.txt 2012-05-03 16:57
ComboFix5.txt 2012-05-18 19:16
.
Pre-Run: 277,678,223,360 bytes free
Post-Run: 277,611,974,656 bytes free
.
- - End Of File - - 3486230365EEBD2CC4AABD4755C1EF3F


Right now, whenever I use Google Chrome, the content that I click on a website will occasionally redirect me to advertisements like Yellow Pages, or to a search using keywords from websites that I have recently browsed. For example, if I am looking at a website about cars, the redirect will sometimes send me to Yellow Pages or to a search engine that gives me results using the words "cars" or "automobile insurance".
Also, there is a little box popping up on the bottom right corner in the shape of an iPhone with advertisements, or a video box saying I am missing a plugin where there shouldn't be one. It's trying to make me download Livid Video player too.
This is a personal laptop, and right now it is mostly an annoyance. Malwarebytes doesn't seem to work, and my anti-virus programs don't work either. I've tried reinstalling Chrome and deleting cookies and temporary internet files, but it hasn't helped or the problem has come back. I can do a clean system reinstall if it is necessary.
Thank you very much, Gringo. I see you helping a lot of people in their threads and you really are an expert :)

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 May 2012 - 02:46 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Delphy

Delphy
  • Topic Starter

  • Members
  • 12 posts

Posted 18 May 2012 - 03:06 PM

TDSSKiller report

15:56:08.0723 0864 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
15:56:08.0963 0864 ============================================================
15:56:08.0963 0864 Current date / time: 2012/05/18 15:56:08.0963
15:56:08.0963 0864 SystemInfo:
15:56:08.0963 0864
15:56:08.0963 0864 OS Version: 6.1.7601 ServicePack: 1.0
15:56:08.0963 0864 Product type: Workstation
15:56:08.0963 0864 ComputerName: COMPUTER_NAME
15:56:08.0963 0864 UserName: General
15:56:08.0963 0864 Windows directory: C:\Windows
15:56:08.0963 0864 System windows directory: C:\Windows
15:56:08.0963 0864 Running under WOW64
15:56:08.0963 0864 Processor architecture: Intel x64
15:56:08.0963 0864 Number of processors: 4
15:56:08.0963 0864 Page size: 0x1000
15:56:08.0963 0864 Boot type: Normal boot
15:56:08.0963 0864 ============================================================
15:56:09.0363 0864 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:56:09.0373 0864 ============================================================
15:56:09.0373 0864 \Device\Harddisk0\DR0:
15:56:09.0373 0864 MBR partitions:
15:56:09.0373 0864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x476572B0
15:56:09.0373 0864 ============================================================
15:56:09.0413 0864 C: <-> \Device\Harddisk0\DR0\Partition0
15:56:09.0413 0864 ============================================================
15:56:09.0413 0864 Initialize success
15:56:09.0413 0864 ============================================================
15:56:11.0274 8776 ============================================================
15:56:11.0274 8776 Scan started
15:56:11.0274 8776 Mode: Manual;
15:56:11.0274 8776 ============================================================
15:56:12.0184 8776 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:56:12.0184 8776 1394ohci - ok
15:56:12.0234 8776 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:56:12.0244 8776 ACPI - ok
15:56:12.0264 8776 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:56:12.0264 8776 AcpiPmi - ok
15:56:12.0384 8776 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:12.0384 8776 AdobeARMservice - ok
15:56:12.0474 8776 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:56:12.0484 8776 adp94xx - ok
15:56:12.0544 8776 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:56:12.0544 8776 adpahci - ok
15:56:12.0594 8776 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:56:12.0594 8776 adpu320 - ok
15:56:12.0634 8776 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:56:12.0634 8776 AeLookupSvc - ok
15:56:12.0714 8776 AFBAgent (6e79a119b0ce418fe44e0c824bf3f039) C:\Windows\system32\FBAgent.exe
15:56:12.0714 8776 AFBAgent - ok
15:56:12.0824 8776 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:56:12.0824 8776 AFD - ok
15:56:12.0874 8776 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:56:12.0874 8776 agp440 - ok
15:56:12.0904 8776 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:56:12.0904 8776 ALG - ok
15:56:12.0934 8776 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:56:12.0934 8776 aliide - ok
15:56:12.0954 8776 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:56:12.0954 8776 amdide - ok
15:56:12.0984 8776 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:56:12.0984 8776 AmdK8 - ok
15:56:12.0994 8776 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:56:12.0994 8776 AmdPPM - ok
15:56:13.0044 8776 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:56:13.0044 8776 amdsata - ok
15:56:13.0094 8776 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:56:13.0094 8776 amdsbs - ok
15:56:13.0124 8776 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:56:13.0124 8776 amdxata - ok
15:56:13.0184 8776 AmUStor (92a848f962da91c631147d566414bb7e) C:\Windows\system32\drivers\AmUStor.SYS
15:56:13.0184 8776 AmUStor - ok
15:56:13.0224 8776 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:56:13.0224 8776 AppID - ok
15:56:13.0264 8776 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:56:13.0264 8776 AppIDSvc - ok
15:56:13.0284 8776 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:56:13.0284 8776 Appinfo - ok
15:56:13.0384 8776 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:56:13.0384 8776 Apple Mobile Device - ok
15:56:13.0434 8776 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:56:13.0434 8776 arc - ok
15:56:13.0474 8776 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:56:13.0474 8776 arcsas - ok
15:56:13.0574 8776 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
15:56:13.0574 8776 ASLDRService - ok
15:56:13.0604 8776 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
15:56:13.0604 8776 ASMMAP64 - ok
15:56:13.0664 8776 asmthub3 (718692fff22d6af47eba0a741a924921) C:\Windows\system32\DRIVERS\asmthub3.sys
15:56:13.0664 8776 asmthub3 - ok
15:56:13.0714 8776 asmtxhci (bad70a5ac534c108f680a33c654bc626) C:\Windows\system32\DRIVERS\asmtxhci.sys
15:56:13.0714 8776 asmtxhci - ok
15:56:13.0854 8776 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:56:13.0854 8776 aspnet_state - ok
15:56:13.0904 8776 assd (06f30358a657cba22115c4368b4001f9) C:\Windows\system32\drivers\assd.sys
15:56:13.0904 8776 assd - ok
15:56:13.0934 8776 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:13.0934 8776 AsyncMac - ok
15:56:13.0984 8776 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:56:13.0984 8776 atapi - ok
15:56:14.0144 8776 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
15:56:14.0144 8776 athr - ok
15:56:14.0234 8776 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
15:56:14.0234 8776 ATKGFNEXSrv - ok
15:56:14.0264 8776 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
15:56:14.0264 8776 ATKWMIACPIIO - ok
15:56:14.0484 8776 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:56:14.0484 8776 AudioEndpointBuilder - ok
15:56:14.0484 8776 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:56:14.0494 8776 AudioSrv - ok
15:56:14.0534 8776 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:56:14.0534 8776 AxInstSV - ok
15:56:14.0734 8776 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:56:14.0734 8776 b06bdrv - ok
15:56:14.0794 8776 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:56:14.0794 8776 b57nd60a - ok
15:56:14.0864 8776 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:56:14.0864 8776 BDESVC - ok
15:56:14.0874 8776 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:56:14.0874 8776 Beep - ok
15:56:14.0964 8776 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:56:14.0974 8776 BFE - ok
15:56:15.0064 8776 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:56:15.0074 8776 BITS - ok
15:56:15.0134 8776 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:56:15.0134 8776 blbdrive - ok
15:56:15.0234 8776 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:56:15.0234 8776 Bonjour Service - ok
15:56:15.0304 8776 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:56:15.0314 8776 bowser - ok
15:56:15.0354 8776 bpenum (597fffac47605337b1c719b4975238f0) C:\Windows\system32\DRIVERS\bpenum.sys
15:56:15.0354 8776 bpenum - ok
15:56:15.0404 8776 bpmp (f66c6ad105ef5a899207f4907366e2e2) C:\Windows\system32\DRIVERS\bpmp.sys
15:56:15.0404 8776 bpmp - ok
15:56:15.0434 8776 bpusb (ae6751f004dfebe0a7548265ccf432ce) C:\Windows\system32\Drivers\bpusb.sys
15:56:15.0434 8776 bpusb - ok
15:56:15.0454 8776 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:56:15.0454 8776 BrFiltLo - ok
15:56:15.0484 8776 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:56:15.0484 8776 BrFiltUp - ok
15:56:15.0524 8776 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:56:15.0524 8776 BridgeMP - ok
15:56:15.0584 8776 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:56:15.0594 8776 Browser - ok
15:56:15.0634 8776 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:56:15.0634 8776 Brserid - ok
15:56:15.0644 8776 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:15.0644 8776 BrSerWdm - ok
15:56:15.0654 8776 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:15.0654 8776 BrUsbMdm - ok
15:56:15.0664 8776 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:15.0664 8776 BrUsbSer - ok
15:56:15.0724 8776 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:56:15.0724 8776 BthEnum - ok
15:56:15.0754 8776 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:56:15.0754 8776 BTHMODEM - ok
15:56:15.0774 8776 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:56:15.0774 8776 BthPan - ok
15:56:15.0864 8776 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:56:15.0864 8776 BTHPORT - ok
15:56:15.0914 8776 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:56:15.0914 8776 bthserv - ok
15:56:15.0944 8776 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:56:15.0944 8776 BTHUSB - ok
15:56:15.0984 8776 catchme - ok
15:56:16.0024 8776 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:56:16.0024 8776 cdfs - ok
15:56:16.0064 8776 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:56:16.0064 8776 cdrom - ok
15:56:16.0114 8776 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:56:16.0114 8776 CertPropSvc - ok
15:56:16.0134 8776 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:56:16.0134 8776 circlass - ok
15:56:16.0204 8776 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:56:16.0204 8776 CLFS - ok
15:56:16.0284 8776 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:16.0284 8776 clr_optimization_v2.0.50727_32 - ok
15:56:16.0344 8776 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:56:16.0344 8776 clr_optimization_v2.0.50727_64 - ok
15:56:16.0474 8776 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:16.0474 8776 clr_optimization_v4.0.30319_32 - ok
15:56:16.0514 8776 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:56:16.0514 8776 clr_optimization_v4.0.30319_64 - ok
15:56:16.0554 8776 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:56:16.0554 8776 CmBatt - ok
15:56:16.0574 8776 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:56:16.0574 8776 cmdide - ok
15:56:16.0654 8776 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:56:16.0664 8776 CNG - ok
15:56:16.0714 8776 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:56:16.0714 8776 Compbatt - ok
15:56:16.0724 8776 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:56:16.0724 8776 CompositeBus - ok
15:56:16.0744 8776 COMSysApp - ok
15:56:16.0764 8776 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:56:16.0764 8776 crcdisk - ok
15:56:16.0814 8776 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:56:16.0814 8776 CryptSvc - ok
15:56:16.0854 8776 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
15:56:16.0854 8776 dc3d - ok
15:56:16.0944 8776 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:56:16.0954 8776 DcomLaunch - ok
15:56:17.0004 8776 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:56:17.0004 8776 defragsvc - ok
15:56:17.0044 8776 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:56:17.0044 8776 DfsC - ok
15:56:17.0094 8776 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:56:17.0094 8776 Dhcp - ok
15:56:17.0134 8776 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:56:17.0134 8776 discache - ok
15:56:17.0184 8776 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:56:17.0184 8776 Disk - ok
15:56:17.0314 8776 DMAgent (fd6780d8e79a4a0037dbcb339582f091) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
15:56:17.0314 8776 DMAgent - ok
15:56:17.0374 8776 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:56:17.0374 8776 Dnscache - ok
15:56:17.0444 8776 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:56:17.0454 8776 dot3svc - ok
15:56:17.0484 8776 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:56:17.0494 8776 DPS - ok
15:56:17.0544 8776 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:56:17.0544 8776 drmkaud - ok
15:56:17.0644 8776 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:56:17.0654 8776 DXGKrnl - ok
15:56:17.0674 8776 EagleX64 - ok
15:56:17.0704 8776 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:56:17.0704 8776 EapHost - ok
15:56:17.0954 8776 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:56:17.0964 8776 ebdrv - ok
15:56:18.0124 8776 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:56:18.0124 8776 EFS - ok
15:56:18.0244 8776 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:56:18.0244 8776 ehRecvr - ok
15:56:18.0284 8776 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:56:18.0284 8776 ehSched - ok
15:56:18.0404 8776 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:56:18.0404 8776 elxstor - ok
15:56:18.0424 8776 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:56:18.0424 8776 ErrDev - ok
15:56:18.0494 8776 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:56:18.0494 8776 EventSystem - ok
15:56:18.0734 8776 EvtEng (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:56:18.0744 8776 EvtEng - ok
15:56:18.0934 8776 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:56:18.0934 8776 exfat - ok
15:56:18.0974 8776 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:56:18.0974 8776 fastfat - ok
15:56:19.0054 8776 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:56:19.0054 8776 Fax - ok
15:56:19.0084 8776 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:56:19.0094 8776 fdc - ok
15:56:19.0124 8776 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:56:19.0124 8776 fdPHost - ok
15:56:19.0134 8776 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:56:19.0134 8776 FDResPub - ok
15:56:19.0174 8776 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:56:19.0174 8776 FileInfo - ok
15:56:19.0194 8776 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:56:19.0194 8776 Filetrace - ok
15:56:19.0214 8776 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:56:19.0214 8776 flpydisk - ok
15:56:19.0255 8776 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:56:19.0265 8776 FltMgr - ok
15:56:19.0395 8776 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:56:19.0395 8776 FontCache - ok
15:56:19.0475 8776 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:56:19.0475 8776 FontCache3.0.0.0 - ok
15:56:19.0515 8776 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:56:19.0515 8776 FsDepends - ok
15:56:19.0565 8776 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
15:56:19.0565 8776 fssfltr - ok
15:56:19.0795 8776 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:56:19.0805 8776 fsssvc - ok
15:56:19.0955 8776 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:56:19.0955 8776 Fs_Rec - ok
15:56:20.0015 8776 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:56:20.0015 8776 fvevol - ok
15:56:20.0055 8776 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:56:20.0055 8776 gagp30kx - ok
15:56:20.0085 8776 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:56:20.0095 8776 GEARAspiWDM - ok
15:56:20.0185 8776 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:56:20.0185 8776 gpsvc - ok
15:56:20.0225 8776 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
15:56:20.0225 8776 hamachi - ok
15:56:20.0475 8776 Hamachi2Svc (ce77bc37bdd36c9dc50c3591ebac3fa3) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
15:56:20.0485 8776 Hamachi2Svc - ok
15:56:20.0655 8776 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:56:20.0655 8776 hcw85cir - ok
15:56:20.0705 8776 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:56:20.0715 8776 HdAudAddService - ok
15:56:20.0775 8776 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:56:20.0775 8776 HDAudBus - ok
15:56:20.0775 8776 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:56:20.0775 8776 HidBatt - ok
15:56:20.0795 8776 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:56:20.0805 8776 HidBth - ok
15:56:20.0815 8776 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:56:20.0815 8776 HidIr - ok
15:56:20.0845 8776 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:56:20.0845 8776 hidserv - ok
15:56:20.0875 8776 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:56:20.0875 8776 HidUsb - ok
15:56:20.0915 8776 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:56:20.0915 8776 hkmsvc - ok
15:56:20.0955 8776 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:56:20.0965 8776 HomeGroupListener - ok
15:56:21.0015 8776 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:56:21.0015 8776 HomeGroupProvider - ok
15:56:21.0055 8776 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:56:21.0055 8776 HpSAMD - ok
15:56:21.0145 8776 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:56:21.0145 8776 HTTP - ok
15:56:21.0195 8776 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:56:21.0195 8776 hwpolicy - ok
15:56:21.0225 8776 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:56:21.0225 8776 i8042prt - ok
15:56:21.0295 8776 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
15:56:21.0295 8776 iaStor - ok
15:56:21.0365 8776 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:56:21.0365 8776 iaStorV - ok
15:56:21.0535 8776 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:56:21.0545 8776 idsvc - ok
15:56:22.0255 8776 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:56:22.0315 8776 igfx - ok
15:56:22.0605 8776 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:56:22.0605 8776 iirsp - ok
15:56:22.0915 8776 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:56:22.0915 8776 IKEEXT - ok
15:56:22.0975 8776 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
15:56:22.0975 8776 intaud_WaveExtensible - ok
15:56:23.0215 8776 IntcAzAudAddService (7d24e44761ee029680bd8da23fab8fb4) C:\Windows\system32\drivers\RTKVHD64.sys
15:56:23.0225 8776 IntcAzAudAddService - ok
15:56:23.0525 8776 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:56:23.0525 8776 IntcDAud - ok
15:56:23.0555 8776 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:56:23.0555 8776 intelide - ok
15:56:23.0585 8776 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:56:23.0585 8776 intelppm - ok
15:56:23.0625 8776 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:56:23.0625 8776 IPBusEnum - ok
15:56:23.0665 8776 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:56:23.0665 8776 IpFilterDriver - ok
15:56:23.0745 8776 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:56:23.0745 8776 iphlpsvc - ok
15:56:23.0775 8776 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:56:23.0775 8776 IPMIDRV - ok
15:56:23.0795 8776 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:56:23.0795 8776 IPNAT - ok
15:56:23.0945 8776 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
15:56:23.0945 8776 iPod Service - ok
15:56:23.0995 8776 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:56:23.0995 8776 IRENUM - ok
15:56:24.0015 8776 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:56:24.0015 8776 isapnp - ok
15:56:24.0055 8776 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:56:24.0065 8776 iScsiPrt - ok
15:56:24.0095 8776 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
15:56:24.0095 8776 iwdbus - ok
15:56:24.0125 8776 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:56:24.0125 8776 kbdclass - ok
15:56:24.0165 8776 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:56:24.0165 8776 kbdhid - ok
15:56:24.0195 8776 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
15:56:24.0195 8776 kbfiltr - ok
15:56:24.0245 8776 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:56:24.0245 8776 KeyIso - ok
15:56:24.0265 8776 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:56:24.0265 8776 KSecDD - ok
15:56:24.0295 8776 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:56:24.0295 8776 KSecPkg - ok
15:56:24.0325 8776 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:56:24.0325 8776 ksthunk - ok
15:56:24.0375 8776 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:56:24.0385 8776 KtmRm - ok
15:56:24.0435 8776 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:56:24.0435 8776 L1C - ok
15:56:24.0515 8776 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:56:24.0525 8776 LanmanServer - ok
15:56:24.0585 8776 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:56:24.0585 8776 LanmanWorkstation - ok
15:56:24.0645 8776 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:56:24.0645 8776 lltdio - ok
15:56:24.0705 8776 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:56:24.0705 8776 lltdsvc - ok
15:56:24.0735 8776 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:56:24.0735 8776 lmhosts - ok
15:56:24.0865 8776 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:56:24.0865 8776 LMS - ok
15:56:24.0935 8776 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:56:24.0935 8776 LSI_FC - ok
15:56:24.0975 8776 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:56:24.0975 8776 LSI_SAS - ok
15:56:25.0015 8776 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:56:25.0015 8776 LSI_SAS2 - ok
15:56:25.0065 8776 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:56:25.0065 8776 LSI_SCSI - ok
15:56:25.0115 8776 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:56:25.0115 8776 luafv - ok
15:56:25.0195 8776 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:56:25.0195 8776 MBAMProtector - ok
15:56:25.0305 8776 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:56:25.0315 8776 MBAMService - ok
15:56:25.0345 8776 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:56:25.0345 8776 Mcx2Svc - ok
15:56:25.0365 8776 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:56:25.0365 8776 megasas - ok
15:56:25.0425 8776 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:56:25.0435 8776 MegaSR - ok
15:56:25.0465 8776 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
15:56:25.0465 8776 MEIx64 - ok
15:56:25.0535 8776 Microsoft SharePoint Workspace Audit Service - ok
15:56:25.0575 8776 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:56:25.0575 8776 MMCSS - ok
15:56:25.0585 8776 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:56:25.0585 8776 Modem - ok
15:56:25.0625 8776 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:56:25.0625 8776 monitor - ok
15:56:25.0655 8776 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:56:25.0655 8776 mouclass - ok
15:56:25.0715 8776 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:56:25.0715 8776 mouhid - ok
15:56:25.0745 8776 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:56:25.0745 8776 mountmgr - ok
15:56:25.0775 8776 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:56:25.0775 8776 mpio - ok
15:56:25.0795 8776 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:56:25.0795 8776 mpsdrv - ok
15:56:25.0895 8776 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:56:25.0895 8776 MpsSvc - ok
15:56:25.0945 8776 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:56:25.0945 8776 MRxDAV - ok
15:56:25.0985 8776 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:56:25.0985 8776 mrxsmb - ok
15:56:26.0065 8776 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:56:26.0065 8776 mrxsmb10 - ok
15:56:26.0105 8776 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:56:26.0105 8776 mrxsmb20 - ok
15:56:26.0135 8776 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:56:26.0135 8776 msahci - ok
15:56:26.0165 8776 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:56:26.0165 8776 msdsm - ok
15:56:26.0205 8776 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:56:26.0205 8776 MSDTC - ok
15:56:26.0225 8776 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:56:26.0225 8776 Msfs - ok
15:56:26.0265 8776 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:56:26.0265 8776 mshidkmdf - ok
15:56:26.0285 8776 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:56:26.0285 8776 msisadrv - ok
15:56:26.0335 8776 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:56:26.0335 8776 MSiSCSI - ok
15:56:26.0335 8776 msiserver - ok
15:56:26.0375 8776 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:56:26.0375 8776 MSKSSRV - ok
15:56:26.0375 8776 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:56:26.0375 8776 MSPCLOCK - ok
15:56:26.0385 8776 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:56:26.0385 8776 MSPQM - ok
15:56:26.0445 8776 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:56:26.0445 8776 MsRPC - ok
15:56:26.0485 8776 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:56:26.0485 8776 mssmbios - ok
15:56:26.0505 8776 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:56:26.0505 8776 MSTEE - ok
15:56:26.0505 8776 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:56:26.0505 8776 MTConfig - ok
15:56:26.0525 8776 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:56:26.0525 8776 Mup - ok
15:56:26.0625 8776 MyWiFiDHCPDNS (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:56:26.0625 8776 MyWiFiDHCPDNS - ok
15:56:26.0705 8776 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:56:26.0705 8776 napagent - ok
15:56:26.0795 8776 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:56:26.0805 8776 NativeWifiP - ok
15:56:26.0965 8776 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:56:26.0965 8776 NDIS - ok
15:56:27.0025 8776 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:56:27.0025 8776 NdisCap - ok
15:56:27.0055 8776 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:56:27.0055 8776 NdisTapi - ok
15:56:27.0075 8776 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:56:27.0075 8776 Ndisuio - ok
15:56:27.0105 8776 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:56:27.0105 8776 NdisWan - ok
15:56:27.0135 8776 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:56:27.0135 8776 NDProxy - ok
15:56:27.0145 8776 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:56:27.0145 8776 NetBIOS - ok
15:56:27.0175 8776 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:56:27.0185 8776 NetBT - ok
15:56:27.0225 8776 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:56:27.0225 8776 Netlogon - ok
15:56:27.0285 8776 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:56:27.0285 8776 Netman - ok
15:56:27.0405 8776 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:27.0405 8776 NetMsmqActivator - ok
15:56:27.0415 8776 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:27.0415 8776 NetPipeActivator - ok
15:56:27.0475 8776 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:56:27.0485 8776 netprofm - ok
15:56:27.0505 8776 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:27.0505 8776 NetTcpActivator - ok
15:56:27.0505 8776 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:27.0505 8776 NetTcpPortSharing - ok
15:56:28.0055 8776 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:56:28.0085 8776 NETwNs64 - ok
15:56:28.0235 8776 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:56:28.0235 8776 nfrd960 - ok
15:56:28.0306 8776 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:56:28.0306 8776 NlaSvc - ok
15:56:28.0336 8776 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:56:28.0336 8776 Npfs - ok
15:56:28.0346 8776 npggsvc - ok
15:56:28.0346 8776 NPPTNT2 - ok
15:56:28.0366 8776 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:56:28.0366 8776 nsi - ok
15:56:28.0376 8776 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:56:28.0376 8776 nsiproxy - ok
15:56:28.0526 8776 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:56:28.0536 8776 Ntfs - ok
15:56:28.0706 8776 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
15:56:28.0706 8776 NuidFltr - ok
15:56:28.0726 8776 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:56:28.0726 8776 Null - ok
15:56:28.0776 8776 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:56:28.0776 8776 nvraid - ok
15:56:28.0826 8776 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:56:28.0826 8776 nvstor - ok
15:56:28.0866 8776 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:56:28.0866 8776 nv_agp - ok
15:56:28.0886 8776 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:56:28.0886 8776 ohci1394 - ok
15:56:28.0996 8776 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:56:28.0996 8776 ose - ok
15:56:29.0376 8776 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:56:29.0396 8776 osppsvc - ok
15:56:29.0556 8776 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:56:29.0556 8776 p2pimsvc - ok
15:56:29.0646 8776 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:56:29.0646 8776 p2psvc - ok
15:56:29.0706 8776 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:56:29.0706 8776 Parport - ok
15:56:29.0756 8776 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:56:29.0756 8776 partmgr - ok
15:56:29.0796 8776 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:56:29.0796 8776 PcaSvc - ok
15:56:29.0856 8776 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:56:29.0866 8776 pci - ok
15:56:29.0886 8776 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:56:29.0886 8776 pciide - ok
15:56:29.0926 8776 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:56:29.0926 8776 pcmcia - ok
15:56:29.0956 8776 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:56:29.0956 8776 pcw - ok
15:56:30.0026 8776 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:56:30.0026 8776 PEAUTH - ok
15:56:30.0146 8776 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:56:30.0146 8776 PerfHost - ok
15:56:30.0356 8776 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:56:30.0366 8776 pla - ok
15:56:30.0446 8776 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:56:30.0446 8776 PlugPlay - ok
15:56:30.0506 8776 PnkBstrA - ok
15:56:30.0516 8776 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:56:30.0516 8776 PNRPAutoReg - ok
15:56:30.0556 8776 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:56:30.0566 8776 PNRPsvc - ok
15:56:30.0636 8776 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:56:30.0636 8776 Point64 - ok
15:56:30.0716 8776 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:56:30.0716 8776 PolicyAgent - ok
15:56:30.0766 8776 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:56:30.0766 8776 Power - ok
15:56:30.0826 8776 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:56:30.0826 8776 PptpMiniport - ok
15:56:30.0946 8776 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:56:30.0946 8776 Processor - ok
15:56:30.0986 8776 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:56:30.0986 8776 ProfSvc - ok
15:56:31.0036 8776 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:56:31.0036 8776 ProtectedStorage - ok
15:56:31.0066 8776 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:56:31.0066 8776 Psched - ok
15:56:31.0226 8776 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:56:31.0236 8776 ql2300 - ok
15:56:31.0379 8776 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:56:31.0379 8776 ql40xx - ok
15:56:31.0431 8776 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:56:31.0433 8776 QWAVE - ok
15:56:31.0440 8776 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:56:31.0440 8776 QWAVEdrv - ok
15:56:31.0449 8776 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:56:31.0449 8776 RasAcd - ok
15:56:31.0492 8776 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:56:31.0493 8776 RasAgileVpn - ok
15:56:31.0517 8776 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:56:31.0518 8776 RasAuto - ok
15:56:31.0545 8776 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:56:31.0546 8776 Rasl2tp - ok
15:56:31.0583 8776 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:56:31.0585 8776 RasMan - ok
15:56:31.0625 8776 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:56:31.0625 8776 RasPppoe - ok
15:56:31.0644 8776 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:56:31.0645 8776 RasSstp - ok
15:56:31.0682 8776 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:56:31.0684 8776 rdbss - ok
15:56:31.0699 8776 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:56:31.0700 8776 rdpbus - ok
15:56:31.0732 8776 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:56:31.0732 8776 RDPCDD - ok
15:56:31.0746 8776 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:56:31.0746 8776 RDPENCDD - ok
15:56:31.0764 8776 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:56:31.0765 8776 RDPREFMP - ok
15:56:31.0817 8776 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:56:31.0818 8776 RDPWD - ok
15:56:31.0891 8776 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:56:31.0892 8776 rdyboost - ok
15:56:32.0045 8776 RegSrvc (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:56:32.0049 8776 RegSrvc - ok
15:56:32.0111 8776 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:56:32.0112 8776 RemoteAccess - ok
15:56:32.0155 8776 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:56:32.0157 8776 RemoteRegistry - ok
15:56:32.0260 8776 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:56:32.0261 8776 RFCOMM - ok
15:56:32.0283 8776 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:56:32.0285 8776 RpcEptMapper - ok
15:56:32.0296 8776 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:56:32.0297 8776 RpcLocator - ok
15:56:32.0359 8776 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:56:32.0362 8776 RpcSs - ok
15:56:32.0418 8776 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:56:32.0419 8776 rspndr - ok
15:56:32.0451 8776 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:56:32.0452 8776 SamSs - ok
15:56:32.0476 8776 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:56:32.0477 8776 sbp2port - ok
15:56:32.0506 8776 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:56:32.0508 8776 SCardSvr - ok
15:56:32.0559 8776 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:56:32.0560 8776 scfilter - ok
15:56:32.0653 8776 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:56:32.0659 8776 Schedule - ok
15:56:32.0738 8776 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:56:32.0739 8776 SCPolicySvc - ok
15:56:32.0789 8776 ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys
15:56:32.0789 8776 ScreamBAudioSvc - ok
15:56:32.0819 8776 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:56:32.0821 8776 SDRSVC - ok
15:56:32.0885 8776 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:56:32.0886 8776 secdrv - ok
15:56:32.0897 8776 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:56:32.0898 8776 seclogon - ok
15:56:32.0913 8776 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:56:32.0915 8776 SENS - ok
15:56:32.0931 8776 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:56:32.0933 8776 SensrSvc - ok
15:56:32.0956 8776 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:56:32.0956 8776 Serenum - ok
15:56:32.0985 8776 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:56:32.0986 8776 Serial - ok
15:56:32.0991 8776 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:56:32.0991 8776 sermouse - ok
15:56:33.0080 8776 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:56:33.0081 8776 SessionEnv - ok
15:56:33.0084 8776 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:56:33.0085 8776 sffdisk - ok
15:56:33.0089 8776 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:56:33.0089 8776 sffp_mmc - ok
15:56:33.0128 8776 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:56:33.0128 8776 sffp_sd - ok
15:56:33.0148 8776 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:56:33.0148 8776 sfloppy - ok
15:56:33.0218 8776 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:56:33.0228 8776 SharedAccess - ok
15:56:33.0308 8776 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:56:33.0308 8776 ShellHWDetection - ok
15:56:33.0328 8776 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
15:56:33.0338 8776 SiSGbeLH - ok
15:56:33.0358 8776 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:56:33.0358 8776 SiSRaid2 - ok
15:56:33.0378 8776 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:56:33.0378 8776 SiSRaid4 - ok
15:56:33.0418 8776 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:56:33.0418 8776 Smb - ok
15:56:33.0468 8776 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:56:33.0468 8776 SNMPTRAP - ok
15:56:33.0478 8776 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:56:33.0478 8776 spldr - ok
15:56:33.0538 8776 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:56:33.0548 8776 Spooler - ok
15:56:33.0778 8776 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:56:33.0788 8776 sppsvc - ok
15:56:33.0918 8776 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:56:33.0918 8776 sppuinotify - ok
15:56:34.0008 8776 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:56:34.0008 8776 srv - ok
15:56:34.0059 8776 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:56:34.0061 8776 srv2 - ok
15:56:34.0092 8776 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:56:34.0093 8776 srvnet - ok
15:56:34.0133 8776 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:56:34.0135 8776 SSDPSRV - ok
15:56:34.0154 8776 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:56:34.0155 8776 SstpSvc - ok
15:56:34.0294 8776 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
15:56:34.0296 8776 StarWindServiceAE - ok
15:56:34.0319 8776 Steam Client Service - ok
15:56:34.0353 8776 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:56:34.0353 8776 stexstor - ok
15:56:34.0443 8776 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:56:34.0447 8776 stisvc - ok
15:56:34.0457 8776 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:56:34.0457 8776 swenum - ok
15:56:34.0525 8776 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:56:34.0529 8776 swprv - ok
15:56:34.0675 8776 SynTP (f0d7c68cda9784689caa72c17af393b2) C:\Windows\system32\DRIVERS\SynTP.sys
15:56:34.0682 8776 SynTP - ok
15:56:35.0079 8776 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:56:35.0089 8776 SysMain - ok
15:56:35.0339 8776 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:56:35.0339 8776 TabletInputService - ok
15:56:35.0389 8776 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:56:35.0389 8776 TapiSrv - ok
15:56:35.0409 8776 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:56:35.0409 8776 TBS - ok
15:56:35.0639 8776 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:56:35.0649 8776 Tcpip - ok
15:56:36.0179 8776 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:56:36.0189 8776 TCPIP6 - ok
15:56:36.0549 8776 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:56:36.0549 8776 tcpipreg - ok
15:56:36.0579 8776 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:56:36.0579 8776 TDPIPE - ok
15:56:36.0609 8776 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:56:36.0609 8776 TDTCP - ok
15:56:36.0639 8776 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:56:36.0639 8776 tdx - ok
15:56:36.0669 8776 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:56:36.0669 8776 TermDD - ok
15:56:36.0769 8776 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:56:36.0779 8776 TermService - ok
15:56:36.0819 8776 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:56:36.0819 8776 Themes - ok
15:56:36.0859 8776 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:56:36.0859 8776 THREADORDER - ok
15:56:36.0889 8776 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:56:36.0889 8776 TrkWks - ok
15:56:36.0949 8776 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:56:36.0949 8776 TrustedInstaller - ok
15:56:36.0979 8776 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:56:36.0979 8776 tssecsrv - ok
15:56:37.0019 8776 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:56:37.0019 8776 TsUsbFlt - ok
15:56:37.0029 8776 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:56:37.0039 8776 TsUsbGD - ok
15:56:37.0059 8776 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:56:37.0059 8776 tunnel - ok
15:56:37.0099 8776 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
15:56:37.0099 8776 TurboB - ok
15:56:37.0179 8776 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:56:37.0179 8776 TurboBoost - ok
15:56:37.0219 8776 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:56:37.0219 8776 uagp35 - ok
15:56:37.0269 8776 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:56:37.0269 8776 udfs - ok
15:56:37.0309 8776 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:56:37.0309 8776 UI0Detect - ok
15:56:37.0339 8776 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:56:37.0339 8776 uliagpkx - ok
15:56:37.0369 8776 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:56:37.0369 8776 umbus - ok
15:56:37.0399 8776 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:56:37.0399 8776 UmPass - ok
15:56:37.0689 8776 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:56:37.0699 8776 UNS - ok
15:56:37.0759 8776 UnsignedThemes (8f387a1cc015a3f5020700c657a0fc85) C:\Windows\UnsignedThemesSvc.exe
15:56:37.0759 8776 UnsignedThemes - ok
15:56:37.0913 8776 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:56:37.0915 8776 upnphost - ok
15:56:37.0986 8776 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:56:37.0987 8776 USBAAPL64 - ok
15:56:38.0033 8776 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:56:38.0034 8776 usbccgp - ok
15:56:38.0076 8776 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:56:38.0077 8776 usbcir - ok
15:56:38.0096 8776 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:56:38.0097 8776 usbehci - ok
15:56:38.0140 8776 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:56:38.0142 8776 usbhub - ok
15:56:38.0165 8776 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:56:38.0166 8776 usbohci - ok
15:56:38.0195 8776 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:56:38.0195 8776 usbprint - ok
15:56:38.0231 8776 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:56:38.0232 8776 USBSTOR - ok
15:56:38.0245 8776 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:56:38.0246 8776 usbuhci - ok
15:56:38.0293 8776 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:56:38.0294 8776 usbvideo - ok
15:56:38.0359 8776 uxpatch (297ee9c666fc8bb96a232db0ddba1e49) C:\Windows\system32\drivers\uxpatch.sys
15:56:38.0359 8776 uxpatch - ok
15:56:38.0389 8776 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:56:38.0390 8776 UxSms - ok
15:56:38.0429 8776 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:56:38.0430 8776 VaultSvc - ok
15:56:38.0448 8776 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:56:38.0448 8776 vdrvroot - ok
15:56:38.0507 8776 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:56:38.0511 8776 vds - ok
15:56:38.0556 8776 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:56:38.0556 8776 vga - ok
15:56:38.0569 8776 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:56:38.0569 8776 VgaSave - ok
15:56:38.0589 8776 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:56:38.0591 8776 vhdmp - ok
15:56:38.0594 8776 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:56:38.0595 8776 viaide - ok
15:56:38.0629 8776 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:56:38.0629 8776 volmgr - ok
15:56:38.0684 8776 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:56:38.0686 8776 volmgrx - ok
15:56:38.0730 8776 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:56:38.0732 8776 volsnap - ok
15:56:38.0783 8776 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:56:38.0784 8776 vsmraid - ok
15:56:38.0979 8776 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:56:38.0987 8776 VSS - ok
15:56:39.0210 8776 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:56:39.0210 8776 vwifibus - ok
15:56:39.0225 8776 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:56:39.0226 8776 vwififlt - ok
15:56:39.0237 8776 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:56:39.0238 8776 vwifimp - ok
15:56:39.0294 8776 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:56:39.0297 8776 W32Time - ok
15:56:39.0332 8776 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:56:39.0332 8776 WacomPen - ok
15:56:39.0372 8776 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:39.0372 8776 WANARP - ok
15:56:39.0382 8776 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:39.0382 8776 Wanarpv6 - ok
15:56:39.0542 8776 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:56:39.0552 8776 WatAdminSvc - ok
15:56:39.0718 8776 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:56:39.0726 8776 wbengine - ok
15:56:39.0893 8776 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:56:39.0897 8776 WbioSrvc - ok
15:56:39.0955 8776 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:56:39.0959 8776 wcncsvc - ok
15:56:39.0981 8776 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:56:39.0983 8776 WcsPlugInService - ok
15:56:40.0030 8776 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:56:40.0031 8776 Wd - ok
15:56:40.0091 8776 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:56:40.0095 8776 Wdf01000 - ok
15:56:40.0139 8776 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:56:40.0140 8776 WdiServiceHost - ok
15:56:40.0143 8776 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:56:40.0146 8776 WdiSystemHost - ok
15:56:40.0179 8776 wdkmd (63ce387483e74a0bd79ee4e5eba1fd2e) C:\Windows\system32\DRIVERS\WDKMD.sys
15:56:40.0180 8776 wdkmd - ok
15:56:40.0212 8776 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:56:40.0215 8776 WebClient - ok
15:56:40.0284 8776 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:56:40.0287 8776 Wecsvc - ok
15:56:40.0306 8776 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:56:40.0307 8776 wercplsupport - ok
15:56:40.0340 8776 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:56:40.0342 8776 WerSvc - ok
15:56:40.0388 8776 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:56:40.0388 8776 WfpLwf - ok
15:56:40.0556 8776 WiMAXAppSrv (49f06c7d5517de53d848f38b9ae86a7c) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
15:56:40.0560 8776 WiMAXAppSrv - ok
15:56:40.0586 8776 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
15:56:40.0587 8776 WimFltr - ok
15:56:40.0607 8776 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:56:40.0608 8776 WIMMount - ok
15:56:40.0660 8776 WinDefend - ok
15:56:40.0666 8776 WinHttpAutoProxySvc - ok
15:56:40.0754 8776 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:56:40.0756 8776 Winmgmt - ok
15:56:40.0939 8776 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:56:40.0950 8776 WinRM - ok
15:56:41.0138 8776 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:56:41.0138 8776 WinUsb - ok
15:56:41.0237 8776 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:56:41.0243 8776 Wlansvc - ok
15:56:41.0345 8776 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:56:41.0346 8776 wlcrasvc - ok
15:56:41.0545 8776 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:56:41.0556 8776 wlidsvc - ok
15:56:41.0677 8776 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:56:41.0677 8776 WmiAcpi - ok
15:56:41.0747 8776 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:56:41.0757 8776 wmiApSrv - ok
15:56:41.0847 8776 WMPNetworkSvc - ok
15:56:41.0877 8776 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:56:41.0877 8776 WPCSvc - ok
15:56:41.0897 8776 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:56:41.0907 8776 WPDBusEnum - ok
15:56:41.0917 8776 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:56:41.0917 8776 ws2ifsl - ok
15:56:41.0937 8776 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:56:41.0937 8776 wscsvc - ok
15:56:41.0947 8776 WSearch - ok
15:56:42.0167 8776 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:56:42.0177 8776 wuauserv - ok
15:56:42.0337 8776 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:56:42.0337 8776 WudfPf - ok
15:56:42.0377 8776 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:56:42.0377 8776 WUDFRd - ok
15:56:42.0407 8776 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:56:42.0407 8776 wudfsvc - ok
15:56:42.0447 8776 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:56:42.0457 8776 WwanSvc - ok
15:56:42.0547 8776 X6va005 - ok
15:56:42.0597 8776 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:56:42.0987 8776 \Device\Harddisk0\DR0 - ok
15:56:42.0987 8776 Boot (0x1200) (703e02317361aba11724fc24db7a8742) \Device\Harddisk0\DR0\Partition0
15:56:42.0987 8776 \Device\Harddisk0\DR0\Partition0 - ok
15:56:42.0987 8776 ============================================================
15:56:42.0987 8776 Scan finished
15:56:42.0987 8776 ============================================================
15:56:42.0997 8680 Detected object count: 0
15:56:42.0997 8680 Actual detected object count: 0



and here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 15:58:37
-----------------------------
15:58:37.546 OS Version: Windows x64 6.1.7601 Service Pack 1
15:58:37.546 Number of processors: 4 586 0x2A07
15:58:37.547 ComputerName: COMPUTER_NAME UserName: General
15:58:39.069 Initialize success
15:59:21.736 AVAST engine defs: 12051800
15:59:53.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:59:53.865 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
15:59:53.882 Disk 0 MBR read successfully
15:59:53.888 Disk 0 MBR scan
15:59:53.893 Disk 0 Windows 7 default MBR code
15:59:53.895 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
15:59:53.910 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 584878 MB offset 52430848
15:59:53.930 Disk 0 scanning C:\Windows\system32\drivers
16:00:02.052 Service scanning
16:00:25.470 Modules scanning
16:00:25.470 Disk 0 trace - called modules:
16:00:25.850 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:00:25.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ec1060]
16:00:25.860 3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> [0xfffffa8006c3ae40]
16:00:25.860 5 ACPI.sys[fffff88000f4e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006c3e050]
16:00:28.071 AVAST engine scan C:\Windows
16:00:31.798 AVAST engine scan C:\Windows\system32
16:00:39.024 File: C:\Windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
16:03:36.400 File: C:\Windows\assembly\tmp\6JDWMQTO\policy.1.0.cli_ure.dll **SUSPICIOUS**
16:03:36.423 File: C:\Windows\assembly\tmp\7UAV2HAX\cli_basetypes.dll **SUSPICIOUS**
16:03:36.454 File: C:\Windows\assembly\tmp\9AAF9C1U\policy.1.0.cli_uretypes.dll **SUSPICIOUS**
16:03:36.475 File: C:\Windows\assembly\tmp\A4HJYJKH\policy.1.0.cli_basetypes.dll **SUSPICIOUS**
16:03:36.490 File: C:\Windows\assembly\tmp\A4HJYJKH\ZT1OXXL8 **SUSPICIOUS**
16:03:36.511 File: C:\Windows\assembly\tmp\B2OMWJY9\policy.1.0.cli_ure.dll **SUSPICIOUS**
16:03:36.530 File: C:\Windows\assembly\tmp\EEMZGAHB\policy.1.0.cli_uretypes.dll **SUSPICIOUS**
16:03:36.562 File: C:\Windows\assembly\tmp\IJ8MXUKJ\cli_uretypes.dll **SUSPICIOUS**
16:03:36.600 File: C:\Windows\assembly\tmp\OLXZ6T0G\cli_ure.dll **SUSPICIOUS**
16:03:36.638 File: C:\Windows\assembly\tmp\T6L567S8\cli_ure.dll **SUSPICIOUS**
16:03:36.669 File: C:\Windows\assembly\tmp\TILJLIV7\cli_basetypes.dll **SUSPICIOUS**
16:03:36.706 File: C:\Windows\assembly\tmp\UIIWME71\cli_uretypes.dll **SUSPICIOUS**
16:03:36.744 File: C:\Windows\assembly\tmp\X8OOQCL2\policy.1.0.cli_basetypes.dll **SUSPICIOUS**
16:03:36.756 File: C:\Windows\assembly\tmp\X8OOQCL2\ROZH0JRV **SUSPICIOUS**
16:03:38.190 AVAST engine scan C:\Windows\system32\drivers
16:03:49.120 AVAST engine scan C:\Users\General
16:05:14.637 Disk 0 MBR has been saved successfully to "C:\Users\General\Desktop\MBR.dat"
16:05:14.637 The log file has been saved successfully to "C:\Users\General\Desktop\aswMBR.txt"



thanks again

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:28 PM

Posted 18 May 2012 - 04:57 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Delphy

Delphy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:28 PM

Posted 18 May 2012 - 07:43 PM

here is the FRST64 log:

Scan result of Farbar Recovery Scan Tool Version: 18-05-2012 02
Ran by SYSTEM at 18-05-2012 20:37:18
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2207848 2011-03-20] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [369 2012-05-18] ()
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1955208 2011-08-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2011-12-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\General\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKU\General\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\General\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-08-12] (Siber Systems)
HKU\General\...\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized [38704 2012-05-10] (NCSoft)
HKU\General\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\General\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22465104 2012-02-07] (ooVoo LLC)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 DMAgent; "C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe" [499200 2010-11-07] (Red Bend Ltd.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-15] (LogMeIn Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
3 npggsvc; C:\Windows\SysWow64\GameMon.des -service [3804120 2011-08-07] (INCA Internet Co., Ltd.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-09-29] ()
2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)
2 WiMAXAppSrv; "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [869376 2010-11-07] (Intel® Corporation)

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
3 asmthub3; C:\Windows\System32\Drivers\asmthub3.sys [125416 2011-01-27] (ASMedia Technology Inc)
3 asmtxhci; C:\Windows\System32\Drivers\asmtxhci.sys [385512 2011-01-27] (ASMedia Technology Inc)
0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
3 bpenum; C:\Windows\System32\Drivers\bpenum.sys [75264 2010-10-25] (Intel Corporation)
3 bpmp; C:\Windows\System32\Drivers\bpmp.sys [173568 2010-10-25] (Intel Corporation)
3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [81408 2010-10-25] (Intel Corporation)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12306848 2011-08-31] (Intel Corporation)
3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [34200 2011-03-24] (Intel Corporation)
3 iwdbus; C:\Windows\System32\Drivers\iwdbus.sys [25496 2011-03-24] (Intel Corporation)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8593920 2011-05-01] (Intel Corporation)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45416 2011-08-01] (Microsoft Corporation)
3 ScreamBAudioSvc; C:\Windows\System32\drivers\ScreamingBAudio64.sys [38992 2010-07-01] (Screaming Bee LLC)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
2 uxpatch; C:\Windows\System32\Drivers\uxpatch.sys [30568 2009-07-12] ()
3 wdkmd; C:\Windows\System32\Drivers\wdkmd.sys [42392 2011-03-24] (Intel Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 X6va005; \??\C:\Users\General\AppData\Local\Temp\00527BA.tmp [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-18 14:24 - 2012-05-18 14:24 - 1392839 ____A C:\Users\General\Downloads\FRST64.exe
2012-05-18 13:19 - 2012-05-18 13:20 - 0000000 ____D C:\Users\General\AppData\Roaming\ooVoo Details
2012-05-18 13:19 - 2012-05-18 13:19 - 0001859 ____A C:\Users\Public\Desktop\ooVoo.lnk
2012-05-18 13:19 - 2012-05-18 13:19 - 0000000 ____D C:\Program Files (x86)\ooVoo
2012-05-18 13:18 - 2012-05-18 13:18 - 1633360 ____A (ooVoo LLC) C:\Users\General\Downloads\ooVooSetup.exe
2012-05-18 12:15 - 2012-05-18 12:15 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-18 12:05 - 2012-05-18 12:05 - 0003184 ____A C:\Users\General\Desktop\aswMBR.txt
2012-05-18 12:05 - 2012-05-18 12:05 - 0000512 ____A C:\Users\General\Desktop\MBR.dat
2012-05-18 11:56 - 2012-05-18 13:08 - 0131948 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_15.56.08_log.txt
2012-05-18 11:56 - 2012-05-18 11:56 - 4731392 ____A (AVAST Software) C:\Users\General\Downloads\aswMBR.exe
2012-05-18 11:27 - 2012-05-18 11:27 - 0022109 ____A C:\ComboFix.txt
2012-05-18 11:14 - 2012-05-18 11:14 - 0879714 ____A C:\Users\General\Downloads\SecurityCheck.exe
2012-05-18 08:56 - 2012-05-18 11:10 - 0000000 ____D C:\Program Files (x86)\Bucksbee Loyalty Plugin - Guppy Media
2012-05-18 08:56 - 2012-05-18 08:56 - 0603136 ____A C:\Users\General\Downloads\fbflicker_211749_042712222049_nn.exe
2012-05-18 08:51 - 2012-05-18 08:51 - 0556472 ____A C:\Users\General\Downloads\musicsaved_211750_042012212419_nn.exe
2012-05-17 19:24 - 2012-05-17 19:24 - 0003135 ____A C:\Users\General\Desktop\ark.txt
2012-05-17 18:40 - 2012-05-17 18:40 - 0294216 ____A C:\Users\General\Downloads\gmer.zip
2012-05-17 18:40 - 2012-05-17 18:40 - 0000000 ____D C:\Users\General\Downloads\gmer
2012-05-17 18:24 - 2012-05-17 18:24 - 0302592 ____A C:\Users\General\Downloads\093snv40.exe
2012-05-17 18:24 - 2012-05-17 18:24 - 0026647 ____A C:\Users\General\Desktop\DDS.txt
2012-05-17 18:24 - 2012-05-17 18:24 - 0007234 ____A C:\Users\General\Desktop\Attach.txt
2012-05-17 18:23 - 2012-05-17 18:23 - 0607260 ____R (Swearware) C:\Users\General\Downloads\dds.com
2012-05-17 18:21 - 2012-05-17 18:21 - 0050477 ____A C:\Users\General\Downloads\Defogger.exe
2012-05-17 18:21 - 2012-05-17 18:21 - 0000544 ____A C:\Users\General\Downloads\defogger_disable.log
2012-05-17 18:21 - 2012-05-17 18:21 - 0000196 ____A C:\Users\General\defogger_reenable
2012-05-17 18:00 - 2012-05-17 18:00 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-17 17:58 - 2012-05-17 17:59 - 0131962 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_21.58.57_log.txt
2012-05-17 17:58 - 2012-05-17 17:58 - 2107843 ____A C:\Users\General\Downloads\tdsskiller.zip
2012-05-17 17:58 - 2012-05-17 17:58 - 0000350 ____A C:\TDSSKiller.2.7.31.0_17.05.2012_21.58.29_log.txt
2012-05-15 10:56 - 2012-05-15 10:56 - 0014205 ____A C:\Users\General\Documents\sally.docx
2012-05-15 10:21 - 2012-05-15 10:21 - 0045284 ____A C:\Users\General\Downloads\distrgradessp2012.docx
2012-05-14 17:22 - 2012-05-14 17:22 - 0001150 ____A C:\Users\General\Downloads\favicon (2).ico
2012-05-14 17:22 - 2012-05-14 17:22 - 0001150 ____A C:\Users\General\Downloads\favicon (1).ico
2012-05-14 16:32 - 2012-05-14 16:32 - 0001150 ____A C:\Users\General\Downloads\favicon.ico
2012-05-14 15:10 - 2012-05-14 15:10 - 0029184 ____A C:\Users\General\Downloads\221 Exam 3 Answer Keys Spring 2012.doc
2012-05-14 11:18 - 2012-05-14 11:18 - 0026624 ____A C:\Users\General\Downloads\221 Room Assignments Ex 3 (1).doc
2012-05-14 11:17 - 2012-05-14 11:18 - 0026624 ____A C:\Users\General\Downloads\221 Room Assignments Ex 3.doc
2012-05-14 06:02 - 2012-05-14 06:02 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 06:02 - 2012-05-14 06:02 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 13:19 - 2012-05-13 13:19 - 0000000 ____D C:\Users\General\Downloads\heghog
2012-05-13 13:18 - 2012-05-13 13:18 - 1786511 ____A C:\Users\General\Downloads\heghog.zip
2012-05-13 13:15 - 2012-05-13 13:16 - 0283806 ____A C:\Users\General\Documents\SANECHEDEGHAG.png
2012-05-13 10:41 - 2012-05-13 10:41 - 0070525 ____A C:\Users\General\Downloads\1336929447209.png
2012-05-12 13:26 - 2012-05-12 13:26 - 0159232 ____A C:\Users\General\Downloads\Sheet.docx
2012-05-12 12:24 - 2012-05-12 12:24 - 0471841 ____A C:\Users\General\Downloads\Final Exam Review Presentation.pptx
2012-05-12 06:33 - 2012-05-12 06:33 - 0212947 ____A C:\Users\General\Documents\buySAFE guarantee for headphones.png
2012-05-11 21:44 - 2012-05-11 21:44 - 0016526 ____A C:\Users\General\Downloads\1336797957277.png
2012-05-11 20:58 - 2012-05-11 20:58 - 0009762 ____A C:\Users\General\Downloads\1336736033188.jpg
2012-05-11 16:55 - 2012-05-11 16:55 - 0679192 ____A C:\Users\General\Downloads\cWsjs.jpg
2012-05-11 02:54 - 2012-05-11 02:54 - 0175662 ____A C:\Users\General\Downloads\HSID.pdf
2012-05-10 12:23 - 2012-05-10 12:23 - 0000331 ____A C:\Windows\SysWOW64\LauncherMetadata.xml
2012-05-10 10:07 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 10:07 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-10 10:07 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-10 10:07 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 10:07 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 10:07 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 10:07 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 10:07 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 23:10 - 2012-05-09 23:10 - 0146908 ____A C:\Users\General\Downloads\NeoSpeech.swf
2012-05-07 18:35 - 2012-05-07 18:35 - 0054879 ____A C:\Users\General\Downloads\ranggers.jpg
2012-05-07 17:51 - 2012-05-07 22:07 - 0019342 ____A C:\Users\General\Downloads\Extra Credit - The Difference between Health Insurance and Broccoli.docx
2012-05-06 12:07 - 2012-05-06 12:07 - 0069163 ____A C:\Users\General\Downloads\1336333518785.jpg
2012-05-05 21:00 - 2012-05-05 21:00 - 3083657 ____A C:\Users\General\Downloads\1336278407207.gif
2012-05-05 19:13 - 2012-05-05 19:13 - 0033737 ____A C:\Users\General\Downloads\1336272941838.gif
2012-05-05 19:12 - 2012-05-05 19:12 - 0933111 ____A C:\Users\General\Downloads\1336272603514.gif
2012-05-05 17:20 - 2012-05-05 17:20 - 0086512 ____A C:\Users\General\Downloads\1323028063892.jpg
2012-05-04 22:52 - 2012-05-04 22:52 - 0000341 ____A C:\Users\General\Documents\pastas.txt
2012-05-04 17:51 - 2012-05-05 07:04 - 0000000 ____D C:\Users\General\Downloads\Touhou 10.5 ~ Scarlet Weather Rhapsody
2012-05-04 17:50 - 2012-05-04 17:50 - 0014134 ____A C:\Users\General\Downloads\Doom_3_and_Resurrection_of_Evil_1_3_1_and_open_co_op_(lan_playable)-((Demonoid.me))_9783516.2644.torrent
2012-05-04 08:50 - 2012-05-04 08:50 - 0040960 ____A C:\Users\General\Downloads\221 TA Office Hours Spr 12.xls
2012-05-04 06:54 - 2012-05-04 06:54 - 0019716 ____A C:\Users\General\Downloads\formal paperblahalbha.odt
2012-05-03 10:34 - 2012-05-03 10:35 - 0131462 ____A C:\TDSSKiller.2.7.31.0_03.05.2012_14.34.12_log.txt
2012-05-03 08:43 - 2012-05-03 08:43 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-03 08:43 - 2012-05-03 08:43 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-03 08:43 - 2012-05-03 08:43 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-03 08:43 - 2012-05-03 08:43 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-03 08:42 - 2012-05-03 08:42 - 0909088 ____A (Sun Microsystems, Inc.) C:\Users\General\Downloads\chromeinstall.exe
2012-05-02 13:53 - 2012-05-02 13:54 - 0000000 ____D C:\Users\General\AppData\Local\SniperV2 Demo
2012-05-01 18:05 - 2012-05-01 18:05 - 0135063 ____A C:\Users\General\Downloads\1335923122897.gif
2012-05-01 15:59 - 2012-05-01 15:59 - 0181422 ____A C:\Users\General\Downloads\1335914950186.gif
2012-04-30 20:36 - 2012-04-30 20:36 - 0013012 ____A C:\Users\General\Documents\brazzers-logo-mem.png
2012-04-30 20:29 - 2012-04-30 20:29 - 0949095 ____A C:\Users\General\Documents\brazzers1.png
2012-04-30 17:38 - 2012-04-30 17:52 - 85950536 ____A C:\Users\General\Downloads\Mod_v._C.2.1.zip
2012-04-30 17:38 - 2012-04-30 17:44 - 18297726 ____A C:\Users\General\Downloads\Maps_v._C.2.2.zip
2012-04-30 14:47 - 2012-04-30 14:47 - 0117234 ____A C:\Users\General\Downloads\1335825878891.png
2012-04-29 17:22 - 2012-04-29 17:22 - 0000000 ____D C:\Users\General\Downloads\Overmind_v1.02
2012-04-29 11:16 - 2012-04-29 11:16 - 0001516 ____A C:\Users\General\Desktop\StarCraft II - Shortcut.lnk
2012-04-29 00:58 - 2012-04-29 00:58 - 0222868 ____A C:\Users\General\Downloads\1335671503956.png
2012-04-28 16:37 - 2012-04-28 16:37 - 0186984 ____A C:\Users\General\Downloads\1335652444827.jpg
2012-04-25 10:21 - 2012-04-25 10:21 - 0000000 ____D C:\Users\General\Downloads\The Rainy Day Sessions - staying classy (Vol. 2)
2012-04-25 10:19 - 2012-04-25 10:20 - 0000000 ____D C:\Users\General\Downloads\Hirens
2012-04-23 22:40 - 2012-04-23 22:40 - 0296388 ____A C:\Users\General\Downloads\1335247592241.jpg
2012-04-22 23:13 - 2012-05-10 12:21 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-04-22 23:12 - 2012-05-07 07:26 - 0000000 ____D C:\Users\General\AppData\Roaming\uTorrent
2012-04-22 23:09 - 2012-04-22 23:09 - 6529540 ____A C:\Users\General\Downloads\bios.7z
2012-04-22 23:07 - 2012-04-22 23:07 - 2854217 ____A C:\Users\General\Downloads\pcsx2-0.9.8-r4600-binaries.7z
2012-04-22 10:17 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-22 10:17 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-22 10:17 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-22 10:17 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-22 10:17 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-22 10:17 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-22 10:17 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-22 10:17 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-22 10:16 - 2012-05-18 11:15 - 4498597 ____R (Swearware) C:\Users\General\Downloads\ComboFix.exe
2012-04-22 10:12 - 2012-04-22 10:12 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-22 10:11 - 2012-04-22 10:12 - 0133034 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_14.11.01_log.txt
2012-04-22 10:10 - 2012-05-17 17:58 - 0000000 ____D C:\Users\General\Downloads\tdsskiller
2012-04-21 14:18 - 2012-04-21 14:18 - 0021890 ____A C:\Users\General\Downloads\kyonkundenwa.jpg
2012-04-19 14:30 - 2012-04-19 14:30 - 0482468 ____A C:\Users\General\Downloads\1334789871197.gif
2012-04-19 14:08 - 2012-04-19 14:08 - 0000000 ____D C:\Users\General\Downloads\SCP - Containment Breach v0.1.1


============ 3 Months Modified Files and Folders =============

2012-05-18 20:37 - 2012-05-18 20:37 - 0000000 ____D C:\FRST
2012-05-18 20:24 - 2011-04-11 14:49 - 0026033 ____A C:\Windows\AsFac.log
2012-05-18 20:24 - 2011-04-11 14:49 - 0004600 ____A C:\Windows\AsRecoveryHD.log
2012-05-18 20:24 - 2009-07-28 21:20 - 0000000 ____D C:\Windows\Log
2012-05-18 16:34 - 2011-07-06 00:10 - 1835891 ____A C:\Windows\WindowsUpdate.log
2012-05-18 16:34 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-18 16:34 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-18 16:33 - 2011-07-05 01:04 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-18 16:32 - 2011-08-27 17:19 - 0000000 ____D C:\Users\General\AppData\Local\LogMeIn Hamachi
2012-05-18 16:32 - 2011-07-05 00:45 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2012-05-18 16:32 - 2011-07-05 00:45 - 0000000 ___HD C:\ASUS.DAT
2012-05-18 16:32 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-18 16:32 - 2009-07-13 20:51 - 0010051 ____A C:\Windows\setupact.log
2012-05-18 16:31 - 2011-07-06 00:06 - 462274560 __ASH C:\hiberfil.sys
2012-05-18 15:23 - 2011-07-05 00:58 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-620895711-2084235608-2404906526-1000UA.job
2012-05-18 14:37 - 2009-07-13 21:13 - 0813134 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-18 14:30 - 2011-07-06 00:28 - 0002424 ____A C:\Windows\System32\AutoRunFilter.ini
2012-05-18 14:29 - 2011-07-05 00:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-18 14:29 - 2011-04-11 14:49 - 0886340 ____A C:\Windows\PFRO.log
2012-05-18 14:24 - 2012-05-18 14:24 - 1392839 ____A C:\Users\General\Downloads\FRST64.exe
2012-05-18 13:20 - 2012-05-18 13:19 - 0000000 ____D C:\Users\General\AppData\Roaming\ooVoo Details
2012-05-18 13:19 - 2012-05-18 13:19 - 0001859 ____A C:\Users\Public\Desktop\ooVoo.lnk
2012-05-18 13:19 - 2012-05-18 13:19 - 0000000 ____D C:\Program Files (x86)\ooVoo
2012-05-18 13:18 - 2012-05-18 13:18 - 1633360 ____A (ooVoo LLC) C:\Users\General\Downloads\ooVooSetup.exe
2012-05-18 13:08 - 2012-05-18 11:56 - 0131948 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_15.56.08_log.txt
2012-05-18 12:15 - 2012-05-18 12:15 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-18 12:05 - 2012-05-18 12:05 - 0003184 ____A C:\Users\General\Desktop\aswMBR.txt
2012-05-18 12:05 - 2012-05-18 12:05 - 0000512 ____A C:\Users\General\Desktop\MBR.dat
2012-05-18 11:56 - 2012-05-18 11:56 - 4731392 ____A (AVAST Software) C:\Users\General\Downloads\aswMBR.exe
2012-05-18 11:27 - 2012-05-18 11:27 - 0022109 ____A C:\ComboFix.txt
2012-05-18 11:27 - 2012-03-23 18:47 - 0000000 ____D C:\Qoobox
2012-05-18 11:25 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-18 11:15 - 2012-04-22 10:16 - 4498597 ____R (Swearware) C:\Users\General\Downloads\ComboFix.exe
2012-05-18 11:14 - 2012-05-18 11:14 - 0879714 ____A C:\Users\General\Downloads\SecurityCheck.exe
2012-05-18 11:10 - 2012-05-18 08:56 - 0000000 ____D C:\Program Files (x86)\Bucksbee Loyalty Plugin - Guppy Media
2012-05-18 11:10 - 2011-07-05 00:44 - 0000000 ____D C:\Users\General\AppData\LocalLow
2012-05-18 08:56 - 2012-05-18 08:56 - 0603136 ____A C:\Users\General\Downloads\fbflicker_211749_042712222049_nn.exe
2012-05-18 08:51 - 2012-05-18 08:51 - 0556472 ____A C:\Users\General\Downloads\musicsaved_211750_042012212419_nn.exe
2012-05-18 08:23 - 2011-07-05 00:58 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-620895711-2084235608-2404906526-1000Core.job
2012-05-17 19:24 - 2012-05-17 19:24 - 0003135 ____A C:\Users\General\Desktop\ark.txt
2012-05-17 18:40 - 2012-05-17 18:40 - 0294216 ____A C:\Users\General\Downloads\gmer.zip
2012-05-17 18:40 - 2012-05-17 18:40 - 0000000 ____D C:\Users\General\Downloads\gmer
2012-05-17 18:24 - 2012-05-17 18:24 - 0302592 ____A C:\Users\General\Downloads\093snv40.exe
2012-05-17 18:24 - 2012-05-17 18:24 - 0026647 ____A C:\Users\General\Desktop\DDS.txt
2012-05-17 18:24 - 2012-05-17 18:24 - 0007234 ____A C:\Users\General\Desktop\Attach.txt
2012-05-17 18:23 - 2012-05-17 18:23 - 0607260 ____R (Swearware) C:\Users\General\Downloads\dds.com
2012-05-17 18:21 - 2012-05-17 18:21 - 0050477 ____A C:\Users\General\Downloads\Defogger.exe
2012-05-17 18:21 - 2012-05-17 18:21 - 0000544 ____A C:\Users\General\Downloads\defogger_disable.log
2012-05-17 18:21 - 2012-05-17 18:21 - 0000196 ____A C:\Users\General\defogger_reenable
2012-05-17 18:21 - 2011-07-05 00:44 - 0000000 ____D C:\users\General
2012-05-17 18:00 - 2012-05-17 18:00 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-17 17:59 - 2012-05-17 17:58 - 0131962 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_21.58.57_log.txt
2012-05-17 17:58 - 2012-05-17 17:58 - 2107843 ____A C:\Users\General\Downloads\tdsskiller.zip
2012-05-17 17:58 - 2012-05-17 17:58 - 0000350 ____A C:\TDSSKiller.2.7.31.0_17.05.2012_21.58.29_log.txt
2012-05-17 17:58 - 2012-04-22 10:10 - 0000000 ____D C:\Users\General\Downloads\tdsskiller
2012-05-15 10:56 - 2012-05-15 10:56 - 0014205 ____A C:\Users\General\Documents\sally.docx
2012-05-15 10:21 - 2012-05-15 10:21 - 0045284 ____A C:\Users\General\Downloads\distrgradessp2012.docx
2012-05-14 17:22 - 2012-05-14 17:22 - 0001150 ____A C:\Users\General\Downloads\favicon (2).ico
2012-05-14 17:22 - 2012-05-14 17:22 - 0001150 ____A C:\Users\General\Downloads\favicon (1).ico
2012-05-14 16:32 - 2012-05-14 16:32 - 0001150 ____A C:\Users\General\Downloads\favicon.ico
2012-05-14 15:10 - 2012-05-14 15:10 - 0029184 ____A C:\Users\General\Downloads\221 Exam 3 Answer Keys Spring 2012.doc
2012-05-14 11:18 - 2012-05-14 11:18 - 0026624 ____A C:\Users\General\Downloads\221 Room Assignments Ex 3 (1).doc
2012-05-14 11:18 - 2012-05-14 11:17 - 0026624 ____A C:\Users\General\Downloads\221 Room Assignments Ex 3.doc
2012-05-14 06:02 - 2012-05-14 06:02 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 06:02 - 2012-05-14 06:02 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 13:19 - 2012-05-13 13:19 - 0000000 ____D C:\Users\General\Downloads\heghog
2012-05-13 13:18 - 2012-05-13 13:18 - 1786511 ____A C:\Users\General\Downloads\heghog.zip
2012-05-13 13:16 - 2012-05-13 13:15 - 0283806 ____A C:\Users\General\Documents\SANECHEDEGHAG.png
2012-05-13 10:41 - 2012-05-13 10:41 - 0070525 ____A C:\Users\General\Downloads\1336929447209.png
2012-05-12 13:26 - 2012-05-12 13:26 - 0159232 ____A C:\Users\General\Downloads\Sheet.docx
2012-05-12 12:24 - 2012-05-12 12:24 - 0471841 ____A C:\Users\General\Downloads\Final Exam Review Presentation.pptx
2012-05-12 06:47 - 2011-11-02 17:50 - 0000000 ____D C:\Users\General\AppData\Local\Windows Live
2012-05-12 06:33 - 2012-05-12 06:33 - 0212947 ____A C:\Users\General\Documents\buySAFE guarantee for headphones.png
2012-05-11 21:44 - 2012-05-11 21:44 - 0016526 ____A C:\Users\General\Downloads\1336797957277.png
2012-05-11 20:58 - 2012-05-11 20:58 - 0009762 ____A C:\Users\General\Downloads\1336736033188.jpg
2012-05-11 17:52 - 2012-01-02 18:48 - 0000000 ____D C:\Users\General\AppData\Roaming\ShanghaiAlice
2012-05-11 16:55 - 2012-05-11 16:55 - 0679192 ____A C:\Users\General\Downloads\cWsjs.jpg
2012-05-11 03:07 - 2009-07-13 20:45 - 0446200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 03:02 - 2011-10-09 08:26 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 03:02 - 2011-07-08 06:08 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 03:02 - 2011-07-08 06:08 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-11 02:54 - 2012-05-11 02:54 - 0175662 ____A C:\Users\General\Downloads\HSID.pdf
2012-05-11 02:52 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-10 13:53 - 2011-07-14 18:38 - 0000000 ____D C:\Users\General\AppData\Local\ElevatedDiagnostics
2012-05-10 12:23 - 2012-05-10 12:23 - 0000331 ____A C:\Windows\SysWOW64\LauncherMetadata.xml
2012-05-10 12:21 - 2012-04-22 23:13 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-05-09 23:10 - 2012-05-09 23:10 - 0146908 ____A C:\Users\General\Downloads\NeoSpeech.swf
2012-05-08 10:43 - 2011-12-21 18:37 - 0000000 ____D C:\Users\General\ROMs
2012-05-08 10:42 - 2011-07-05 00:57 - 0000000 ____D C:\Users\General\Installers
2012-05-07 22:07 - 2012-05-07 17:51 - 0019342 ____A C:\Users\General\Downloads\Extra Credit - The Difference between Health Insurance and Broccoli.docx
2012-05-07 18:35 - 2012-05-07 18:35 - 0054879 ____A C:\Users\General\Downloads\ranggers.jpg
2012-05-07 17:23 - 2011-08-12 22:00 - 0000000 ____D C:\Users\General\AppData\Roaming\Mozilla
2012-05-07 07:26 - 2012-04-22 23:12 - 0000000 ____D C:\Users\General\AppData\Roaming\uTorrent
2012-05-06 12:07 - 2012-05-06 12:07 - 0069163 ____A C:\Users\General\Downloads\1336333518785.jpg
2012-05-06 09:52 - 2011-07-05 00:46 - 0000000 ____D C:\Users\General\AppData\Local\Apps\2.0
2012-05-05 21:00 - 2012-05-05 21:00 - 3083657 ____A C:\Users\General\Downloads\1336278407207.gif
2012-05-05 19:13 - 2012-05-05 19:13 - 0033737 ____A C:\Users\General\Downloads\1336272941838.gif
2012-05-05 19:12 - 2012-05-05 19:12 - 0933111 ____A C:\Users\General\Downloads\1336272603514.gif
2012-05-05 17:20 - 2012-05-05 17:20 - 0086512 ____A C:\Users\General\Downloads\1323028063892.jpg
2012-05-05 07:04 - 2012-05-04 17:51 - 0000000 ____D C:\Users\General\Downloads\Touhou 10.5 ~ Scarlet Weather Rhapsody
2012-05-04 22:52 - 2012-05-04 22:52 - 0000341 ____A C:\Users\General\Documents\pastas.txt
2012-05-04 17:50 - 2012-05-04 17:50 - 0014134 ____A C:\Users\General\Downloads\Doom_3_and_Resurrection_of_Evil_1_3_1_and_open_co_op_(lan_playable)-((Demonoid.me))_9783516.2644.torrent
2012-05-04 08:50 - 2012-05-04 08:50 - 0040960 ____A C:\Users\General\Downloads\221 TA Office Hours Spr 12.xls
2012-05-04 06:54 - 2012-05-04 06:54 - 0019716 ____A C:\Users\General\Downloads\formal paperblahalbha.odt
2012-05-03 10:35 - 2012-05-03 10:34 - 0131462 ____A C:\TDSSKiller.2.7.31.0_03.05.2012_14.34.12_log.txt
2012-05-03 08:43 - 2012-05-03 08:43 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-03 08:43 - 2012-05-03 08:43 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-03 08:43 - 2012-05-03 08:43 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-03 08:43 - 2012-05-03 08:43 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-03 08:43 - 2011-07-10 17:42 - 0472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-03 08:43 - 2011-07-10 17:42 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-03 08:42 - 2012-05-03 08:42 - 0909088 ____A (Sun Microsystems, Inc.) C:\Users\General\Downloads\chromeinstall.exe
2012-05-02 22:54 - 2011-07-11 14:25 - 0000000 ____D C:\Users\General\Documents\Touhou Games
2012-05-02 13:54 - 2012-05-02 13:53 - 0000000 ____D C:\Users\General\AppData\Local\SniperV2 Demo
2012-05-02 13:52 - 2011-04-11 14:57 - 0341128 ____A C:\Windows\DirectX.log
2012-05-02 01:22 - 2012-01-16 22:35 - 0000000 ____D C:\Program Files (x86)\Call of Duty- Modern Warfare 3
2012-05-01 18:05 - 2012-05-01 18:05 - 0135063 ____A C:\Users\General\Downloads\1335923122897.gif
2012-05-01 15:59 - 2012-05-01 15:59 - 0181422 ____A C:\Users\General\Downloads\1335914950186.gif
2012-04-30 20:36 - 2012-04-30 20:36 - 0013012 ____A C:\Users\General\Documents\brazzers-logo-mem.png
2012-04-30 20:29 - 2012-04-30 20:29 - 0949095 ____A C:\Users\General\Documents\brazzers1.png
2012-04-30 17:52 - 2012-04-30 17:38 - 85950536 ____A C:\Users\General\Downloads\Mod_v._C.2.1.zip
2012-04-30 17:44 - 2012-04-30 17:38 - 18297726 ____A C:\Users\General\Downloads\Maps_v._C.2.2.zip
2012-04-30 14:47 - 2012-04-30 14:47 - 0117234 ____A C:\Users\General\Downloads\1335825878891.png
2012-04-29 17:22 - 2012-04-29 17:22 - 0000000 ____D C:\Users\General\Downloads\Overmind_v1.02
2012-04-29 11:16 - 2012-04-29 11:16 - 0001516 ____A C:\Users\General\Desktop\StarCraft II - Shortcut.lnk
2012-04-29 00:58 - 2012-04-29 00:58 - 0222868 ____A C:\Users\General\Downloads\1335671503956.png
2012-04-28 16:37 - 2012-04-28 16:37 - 0186984 ____A C:\Users\General\Downloads\1335652444827.jpg
2012-04-25 10:25 - 2011-07-10 17:47 - 0000000 ____D C:\Users\General\Books
2012-04-25 10:21 - 2012-04-25 10:21 - 0000000 ____D C:\Users\General\Downloads\The Rainy Day Sessions - staying classy (Vol. 2)
2012-04-25 10:21 - 2011-09-29 20:50 - 0000000 ____D C:\Users\General\AppData\Roaming\Audacity
2012-04-25 10:20 - 2012-04-25 10:19 - 0000000 ____D C:\Users\General\Downloads\Hirens
2012-04-23 22:40 - 2012-04-23 22:40 - 0296388 ____A C:\Users\General\Downloads\1335247592241.jpg
2012-04-23 22:07 - 2012-04-10 20:51 - 0000000 ____D C:\Users\General\Downloads\Silent Sinner in Blue Complete
2012-04-22 23:24 - 2011-07-05 04:20 - 0000000 ____D C:\Users\General\AppData\Roaming\BitTorrent
2012-04-22 23:09 - 2012-04-22 23:09 - 6529540 ____A C:\Users\General\Downloads\bios.7z
2012-04-22 23:07 - 2012-04-22 23:07 - 2854217 ____A C:\Users\General\Downloads\pcsx2-0.9.8-r4600-binaries.7z
2012-04-22 10:12 - 2012-04-22 10:12 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-22 10:12 - 2012-04-22 10:11 - 0133034 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_14.11.01_log.txt
2012-04-22 08:42 - 2011-08-02 18:58 - 0000000 ____D C:\Users\General\AppData\Roaming\Skype
2012-04-21 14:18 - 2012-04-21 14:18 - 0021890 ____A C:\Users\General\Downloads\kyonkundenwa.jpg
2012-04-19 14:30 - 2012-04-19 14:30 - 0482468 ____A C:\Users\General\Downloads\1334789871197.gif
2012-04-19 14:08 - 2012-04-19 14:08 - 0000000 ____D C:\Users\General\Downloads\SCP - Containment Breach v0.1.1
2012-04-17 10:10 - 2011-10-03 05:24 - 0006009 ____A C:\Users\General\Documents\ax_files.xml
2012-04-17 09:58 - 2012-04-17 09:57 - 0000000 ____D C:\Users\General\Documents\brettsflashdriveROllercoastertycoon
2012-04-17 09:55 - 2012-04-17 09:55 - 0000000 ____D C:\Users\General\Downloads\USBFormat
2012-04-15 21:08 - 2012-04-15 21:08 - 0000000 ____D C:\Users\General\Downloads\SCP - Containment Breach v0.1
2012-04-14 18:08 - 2011-07-05 00:46 - 0115824 ____A C:\Users\General\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-14 18:02 - 2012-04-14 18:02 - 0000000 ____D C:\Users\General\Downloads\GoS English
2012-04-14 17:59 - 2012-04-14 17:58 - 87467649 ____A C:\Users\General\Downloads\GoS English.part5.rar
2012-04-14 17:58 - 2012-04-14 17:58 - 0041984 ____A C:\Users\General\Downloads\Satori Blue Magic.xls
2012-04-14 17:57 - 2012-04-14 17:54 - 204472320 ____A C:\Users\General\Downloads\GoS English.part4.rar
2012-04-14 17:53 - 2012-04-14 17:50 - 204472320 ____A C:\Users\General\Downloads\GoS English.part3.rar
2012-04-14 17:49 - 2012-04-14 17:46 - 204472320 ____A C:\Users\General\Downloads\GoS English.part2.rar
2012-04-14 17:46 - 2012-04-14 17:42 - 204472320 ____A C:\Users\General\Downloads\GoS English.part1.rar
2012-04-14 08:56 - 2012-04-14 08:56 - 0013689 ____A C:\Users\General\Downloads\honorpledgeeverest.docx
2012-04-11 21:27 - 2012-04-11 21:27 - 0714854 ____A C:\Users\General\Downloads\1334205845795.gif
2012-04-11 21:17 - 2011-08-12 21:59 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-11 18:35 - 2012-04-11 18:35 - 0045282 ____A C:\Users\General\Downloads\Handout 7 - Chs 16 17.docx
2012-04-11 18:35 - 2012-04-11 18:35 - 0044947 ____A C:\Users\General\Downloads\Handout 6 - Chs 14 15.docx
2012-04-11 18:35 - 2012-04-11 18:35 - 0042041 ____A C:\Users\General\Downloads\Handout 5 - Chs 13 14.docx
2012-04-10 22:34 - 2012-04-10 22:34 - 0000000 ____D C:\Users\General\Downloads\lostsky-v0.7.0a-final-windows
2012-04-08 22:42 - 2011-08-02 18:23 - 0000000 ____D C:\Users\General\riotsGamesLogs
2012-04-08 11:34 - 2012-04-08 11:34 - 0054481 ____A C:\Users\General\Downloads\df4e5bb29fa7175a6db5ed8ab798a52c.png
2012-04-05 11:21 - 2011-10-14 20:13 - 0000000 ____D C:\Users\General\Documents\Alcohol 120%
2012-04-04 23:39 - 2012-04-04 23:39 - 0000000 ____D C:\Users\General\AppData\Roaming\BadApple!!
2012-04-04 23:27 - 2012-04-04 23:27 - 0000000 ____D C:\Users\General\Downloads\BadAppleScreensaver
2012-04-04 23:22 - 2012-04-04 23:18 - 167483972 ____A C:\Users\General\Downloads\BadAppleScreensaver.rar
2012-04-04 22:35 - 2012-04-04 22:35 - 0000097 ____A C:\Users\General\Downloads\listen.m3u
2012-04-04 11:56 - 2011-07-05 00:48 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 16:45 - 2012-04-03 16:45 - 0028160 ____A C:\Users\General\Downloads\221 Exam 2 Answer Keys Spring 2012.doc
2012-04-03 14:15 - 2012-04-03 14:15 - 0026112 ____A C:\Users\General\Downloads\221 Room Assignments Ex 2.doc
2012-04-03 14:15 - 2012-04-03 14:15 - 0026112 ____A C:\Users\General\Downloads\221 Room Assignments Ex 2 (1).doc
2012-04-03 11:33 - 2012-04-03 11:27 - 0014277 ____A C:\Users\General\Documents\Gary loveman.docx
2012-04-03 11:20 - 2012-04-03 11:20 - 0017146 ____A C:\Users\General\Documents\illiadreflection.docx
2012-04-03 11:17 - 2012-04-03 10:08 - 0056320 ____A C:\Users\General\Downloads\iliadassessmentplan.doc
2012-04-03 10:10 - 2012-04-03 10:10 - 0000162 ___AH C:\Users\General\Documents\~$affic ticket.docx
2012-04-02 10:53 - 2012-04-02 10:53 - 0000000 ____A C:\Users\General\Documents\stats formula sheet.docx
2012-04-02 10:52 - 2012-03-05 11:23 - 0017562 ____A C:\Users\General\Documents\stat chapter 7.docx
2012-04-01 22:21 - 2012-04-01 22:21 - 0000113 ____A C:\Users\General\Documents\the old man and the sea.txt
2012-04-01 13:19 - 2012-04-01 08:22 - 385482257 ____A C:\Users\General\Downloads\ChexQuest.part2.rar
2012-04-01 13:00 - 2012-04-01 13:00 - 24563029 ____A C:\Users\General\Downloads\EoSD Retexture Pack v0.3.zip
2012-04-01 13:00 - 2012-04-01 13:00 - 0000000 ____D C:\Users\General\Downloads\EoSD Retexture Pack v0.3
2012-04-01 01:53 - 2012-03-31 22:58 - 471859200 ____A C:\Users\General\Downloads\ChexQuest.part1.rar
2012-03-31 15:24 - 2011-07-05 01:04 - 0000000 ____D C:\Users\General\Documents\StarCraft II
2012-03-30 22:05 - 2012-05-10 10:07 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 21:58 - 2012-03-30 21:53 - 0000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent
2012-03-30 20:39 - 2012-05-10 10:07 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 10:07 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-10 10:07 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 14:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-30 09:55 - 2012-01-08 09:05 - 0000000 ____D C:\Program Files (x86)\Digipen
2012-03-30 09:54 - 2012-02-24 23:22 - 0000000 ____D C:\Program Files (x86)\Armagetron Advanced
2012-03-30 08:32 - 2012-03-30 08:32 - 0052736 ____A C:\Users\General\Downloads\221 Course Syllabus Spr 12.doc
2012-03-30 03:35 - 2012-05-10 10:07 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 07:09 - 2011-07-06 00:28 - 0001269 ____A C:\Windows\System32\ServiceFilter.ini
2012-03-27 23:08 - 2012-03-27 23:08 - 2506292 ____A C:\Users\General\Downloads\ecqlipse_2____ico___by_chrfb.zip
2012-03-27 23:08 - 2012-03-27 23:08 - 0000000 ____D C:\Users\General\Downloads\ecqlipse_2____ico___by_chrfb
2012-03-27 22:57 - 2012-03-27 22:57 - 0000000 ____D C:\Users\General\Downloads\UxStyle_Core_jul13_bits
2012-03-27 22:31 - 2012-03-27 22:29 - 0000000 ____D C:\Users\General\Downloads\Shadow_for_7_by_krissirk
2012-03-26 12:40 - 2012-03-26 12:27 - 0000000 ____D C:\Users\General\Desktop\skyrim
2012-03-24 18:26 - 2012-03-24 18:19 - 0001908 ____A C:\Windows\diagwrn.xml
2012-03-24 18:26 - 2012-03-24 18:19 - 0001908 ____A C:\Windows\diagerr.xml
2012-03-24 18:19 - 2012-03-24 18:19 - 0000000 ____D C:\$WINDOWS.~BT
2012-03-24 18:19 - 2009-07-13 20:51 - 0000000 ____A C:\Windows\setuperr.log
2012-03-24 07:51 - 2011-10-17 17:41 - 0000000 ____D C:\Program Files (x86)\The Lord of the Rings Online
2012-03-24 07:51 - 2011-09-20 16:42 - 0000000 ___SD C:\Users\General\Documents\Mabinogi
2012-03-24 07:50 - 2012-02-15 08:18 - 0000000 ____D C:\Users\All Users\Origin
2012-03-24 07:50 - 2012-02-15 08:18 - 0000000 ____D C:\ProgramData\Origin
2012-03-24 07:50 - 2011-12-22 13:12 - 0000000 ____D C:\Users\General\AppData\Local\DFH
2012-03-24 07:50 - 2011-12-10 17:04 - 0000000 ____D C:\Program Files (x86)\Wakfu
2012-03-24 07:50 - 2011-11-22 23:47 - 0000000 ____D C:\Counter-Strike 2D
2012-03-24 07:50 - 2011-09-29 06:43 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-03-24 07:50 - 2011-09-29 06:43 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-03-24 07:49 - 2011-09-29 06:43 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-03-23 19:12 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-23 19:12 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-23 19:11 - 2012-03-23 18:47 - 0000000 ____D C:\Windows\ERDNT
2012-03-23 19:04 - 2009-07-13 18:34 - 71041024 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-23 19:04 - 2009-07-13 18:34 - 19922944 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-23 19:04 - 2009-07-13 18:34 - 0786432 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-23 19:04 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-23 19:04 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-23 19:03 - 2012-03-23 19:03 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-21 11:47 - 2012-03-21 11:47 - 2406272 ____A C:\Users\General\Downloads\first aid.pdf
2012-03-20 23:07 - 2011-09-12 06:42 - 0807350 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-18 19:04 - 2012-03-18 19:04 - 0000000 ____D C:\Program Files (x86)\Bioware
2012-03-18 19:04 - 2012-02-15 08:36 - 0000000 ____D C:\Users\General\Documents\BioWare
2012-03-18 18:29 - 2012-03-18 18:29 - 0000000 ____D C:\Users\General\AppData\Local\Axialis
2012-03-16 23:58 - 2012-05-10 10:07 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 07:17 - 2012-03-15 07:17 - 0000000 ____D C:\Users\General\Downloads\Killing Floor Maps + Weapon pack 1.0
2012-03-14 08:15 - 2011-07-05 00:58 - 0000000 ____D C:\Users\General\AppData\Local\Google
2012-03-12 22:19 - 2012-03-12 22:19 - 0000000 ____D C:\Users\General\Downloads\Touhou 10 - Mountain of Faith
2012-03-08 05:35 - 2012-03-08 05:35 - 0043101 ____A C:\Users\General\Downloads\Handout 4 - Chs 9 10.docx
2012-03-08 05:35 - 2012-03-08 05:35 - 0035299 ____A C:\Users\General\Downloads\Handout 3 - Chs 7 8.docx
2012-03-07 10:21 - 2012-03-06 20:30 - 364531839 ____A C:\Users\General\Downloads\Touhou 10 - Mountain of Faith.rar
2012-03-06 11:11 - 2012-03-06 09:21 - 0094208 ____A C:\Users\General\Downloads\iliadDevPlan.doc
2012-03-06 09:06 - 2012-03-06 09:06 - 0000000 ____D C:\Users\General\Desktop\septet_pour_une_infante_befunte
2012-03-05 23:04 - 2012-03-05 23:04 - 4657377 ____A C:\Users\General\Downloads\Flowering Night Add-On.mp3
2012-03-05 22:53 - 2012-03-05 22:52 - 6700483 ____A C:\Users\General\Downloads\Liverne - ????????????.mp3
2012-03-05 11:23 - 2012-03-05 11:23 - 0000162 ___AH C:\Users\General\Documents\~$at chapter 7.docx
2012-03-04 11:13 - 2012-03-04 11:07 - 0000000 ____D C:\Program Files (x86)\Screaming Bee
2012-03-04 11:08 - 2012-03-04 11:08 - 0000000 ____D C:\Users\General\AppData\Roaming\Screaming Bee
2012-03-04 11:07 - 2012-03-04 11:05 - 0000000 ____D C:\Users\All Users\Screaming Bee
2012-03-04 11:07 - 2012-03-04 11:05 - 0000000 ____D C:\ProgramData\Screaming Bee
2012-03-03 09:22 - 2012-03-03 09:22 - 0000000 ____D C:\Users\General\Downloads\Toonami - Deep Space Bass
2012-03-03 09:17 - 2012-02-25 10:46 - 0000000 ____D C:\Users\General\Downloads\Hirens.BootCD.15.1
2012-03-03 09:14 - 2012-01-11 10:09 - 0000000 ____D C:\Users\General\Downloads\Katawa Shoujo 1-7-12
2012-03-03 09:14 - 2011-11-23 19:27 - 0000000 ____D C:\Users\General\ISOs
2012-03-02 22:35 - 2012-05-10 10:07 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-10 10:07 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 19:04 - 2012-03-02 19:03 - 0000000 ____D C:\Users\General\Downloads\MorphVOX Pro v4.3.13 with addons + Crk
2012-03-02 09:40 - 2012-03-02 09:39 - 0000000 ____D C:\Program Files (x86)\NCSoft
2012-03-02 09:39 - 2012-03-02 09:38 - 0000000 ____D C:\Users\General\AppData\Roaming\GetRightToGo
2012-03-02 09:39 - 2011-07-06 00:19 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-02 09:38 - 2012-03-02 09:38 - 0000000 ____D C:\Users\General\AppData\Roaming\InstallShield
2012-02-29 22:46 - 2012-04-10 23:00 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-10 23:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-10 23:00 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-10 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-10 23:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-10 23:00 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-10 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 10:32 - 2012-02-29 10:32 - 0020186 ____A C:\Users\General\Documents\stat notes.docx
2012-02-29 10:27 - 2012-02-28 19:47 - 0019295 ____A C:\Users\General\Documents\stat chapter 3.docx
2012-02-28 19:44 - 2012-02-08 10:28 - 0018725 ____A C:\Users\General\Documents\stat chapter 2.docx
2012-02-28 18:10 - 2012-02-28 18:10 - 0000162 ___AH C:\Users\General\Documents\~$at notes.docx
2012-02-28 13:37 - 2012-02-28 13:37 - 0000000 ____D C:\Users\General\Documents\Amnesia
2012-02-28 10:59 - 2012-02-28 07:47 - 0208665 ____A C:\Users\General\Documents\BMGT221 chapter 4.docx
2012-02-27 23:34 - 2012-04-10 23:03 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-10 23:03 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-10 23:03 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-10 23:03 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-10 23:03 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-10 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-10 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-10 23:03 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-10 23:03 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-10 23:03 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-10 23:03 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-10 23:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-10 23:03 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-10 23:03 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-10 23:03 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-10 23:03 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-10 23:03 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-10 23:03 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-10 23:03 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-10 23:03 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-10 23:03 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-10 23:03 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-10 23:03 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-10 23:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-10 23:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-10 23:03 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 12:15 - 2012-02-27 11:03 - 0014951 ____A C:\Users\General\Documents\Statexamreview1-6.docx
2012-02-27 11:42 - 2011-07-05 00:46 - 0000000 ____D C:\Users\General\AppData\Local\Deployment
2012-02-25 19:20 - 2012-02-25 19:20 - 0000000 ____D C:\Users\General\Documents\Remedy
2012-02-25 19:20 - 2011-11-23 17:36 - 0000000 ____D C:\Users\General\AppData\Local\SKIDROW
2012-02-25 19:02 - 2012-02-25 19:02 - 0000000 ____D C:\Program Files (x86)\Remedy Entertainment
2012-02-25 17:08 - 2012-02-25 17:08 - 0000000 ____D C:\Users\General\AppData\Roaming\RotMG.Production
2012-02-25 13:35 - 2012-02-25 10:21 - 0000000 ____D C:\Users\General\Documents\flashdrive2
2012-02-24 23:24 - 2012-02-24 23:23 - 0000000 ____D C:\Users\General\AppData\Roaming\Armagetron
2012-02-24 23:22 - 2012-02-24 23:22 - 0000000 ____D C:\Users\All Users\Armagetron
2012-02-24 23:22 - 2012-02-24 23:22 - 0000000 ____D C:\ProgramData\Armagetron
2012-02-24 19:43 - 2012-02-24 19:43 - 0183544 ____A C:\Users\General\Downloads\grub4dos.zip
2012-02-24 19:42 - 2012-02-24 19:42 - 0000000 ____D C:\Users\General\Documents\flashdrive
2012-02-24 19:38 - 2012-02-24 19:32 - 522565534 ____A C:\Users\General\Downloads\Hirens.BootCD.15.1.zip
2012-02-24 19:33 - 2011-10-17 18:38 - 0000000 ____D C:\Users\General\AppData\Local\ApplicationHistory
2012-02-24 08:32 - 2012-02-24 08:32 - 0090031 ____A C:\Users\General\Downloads\Last Regrets.pdf
2012-02-23 22:18 - 2011-07-05 01:45 - 0000000 ____D C:\Program Files (x86)\Heroes of Newerth
2012-02-23 06:18 - 2011-07-05 01:04 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 12:10 - 2012-02-22 11:55 - 0024339 ____A C:\Users\General\Documents\stat chapter 5.docx
2012-02-22 12:06 - 2012-02-22 11:56 - 0004314 ____A C:\Users\General\Documents\histogram.png
2012-02-22 11:54 - 2012-02-22 11:54 - 0701068 ____A C:\Users\General\Downloads\Lecture3.pptx
2012-02-22 11:43 - 2012-02-15 11:32 - 0034851 ____A C:\Users\General\Documents\Stat chapter 4.docx
2012-02-21 15:29 - 2012-02-21 15:29 - 0245166 ____A C:\Users\General\Documents\summiteresults.png
2012-02-21 15:28 - 2012-02-21 15:28 - 0012948 ____A C:\Users\General\Documents\summitesimulation.docx
2012-02-21 13:24 - 2011-10-15 07:41 - 0000000 ____D C:\Users\General\Documents\My Games
2012-02-21 13:06 - 2011-11-02 08:19 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2012-02-20 12:08 - 2012-02-20 12:08 - 0014079 ____A C:\Users\General\Documents\stat probability.docx
2012-02-20 11:52 - 2012-02-20 11:52 - 0016739 ____A C:\Users\General\Documents\stat1.png
2012-02-19 10:38 - 2011-07-05 00:45 - 0000174 ___SH C:\Users\General\Start Menu\Programs\Startup\desktop.ini
2012-02-19 10:38 - 2011-07-05 00:45 - 0000174 ___SH C:\Users\General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-03-27 22:31] - [2009-07-13 22:39] - 2868224 ____A (Microsoft Corporation) 2A0FB672A494B2D598247939C6F66E49

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6049.15 MB
Available physical RAM: 5379.61 MB
Total Pagefile: 6047.3 MB
Available Pagefile: 5366.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:571.17 GB) (Free:255.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:14.89 GB) (Free:10.01 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 571 GB 25 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 571 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-09 14:18

======================= End Of Log ==========================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:28 PM

Posted 18 May 2012 - 09:18 PM

Greetings

what I was looking for was not there (that is good)

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
C:\Windows\system32\consrv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Delphy

Delphy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:28 PM

Posted 18 May 2012 - 10:44 PM

here is the combofix log with the script

ComboFix 12-05-18.04 - General 8/2012 Fri 23:23:34.10.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.6049.4183 [GMT -4:00]
Running from: c:\users\General\Downloads\ComboFix.exe
Command switches used :: c:\users\General\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 04:37 . 2012-05-19 04:38 -------- d-----w- C:\FRST
2012-05-19 03:31 . 2012-05-19 03:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-19 03:31 . 2012-05-19 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-18 21:19 . 2012-05-18 21:20 -------- d-----w- c:\users\General\AppData\Roaming\ooVoo Details
2012-05-18 21:19 . 2012-05-18 21:19 -------- d-----w- c:\program files (x86)\ooVoo
2012-05-18 16:56 . 2012-05-18 19:10 -------- d-----w- c:\program files (x86)\Bucksbee Loyalty Plugin - Guppy Media
2012-05-18 16:11 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C05552EB-1163-49A8-86C8-AEA903208187}\mpengine.dll
2012-05-14 14:02 . 2012-05-14 14:02 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-14 14:02 . 2012-05-14 14:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-03 16:43 . 2012-05-03 16:43 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 21:53 . 2012-05-02 21:54 -------- d-----w- c:\users\General\AppData\Local\SniperV2 Demo
2012-04-23 07:13 . 2012-05-10 20:21 -------- d-----w- c:\program files (x86)\uTorrent
2012-04-23 07:12 . 2012-05-07 15:26 -------- d-----w- c:\users\General\AppData\Roaming\uTorrent
2012-04-22 18:12 . 2012-04-22 18:12 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 00:39 . 2011-07-05 08:45 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-16 23:21 . 2011-08-28 23:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-03 16:43 . 2011-07-11 01:42 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2011-07-05 08:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 06:46 . 2012-04-11 07:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 07:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 07:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 07:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 07:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 07:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 07:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 07:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 14:18 . 2011-07-05 09:04 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[-] 2009-07-14 . 2A0FB672A494B2D598247939C6F66E49 . 2868224 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-05-18_02.12.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-18 20:13 . 2012-05-19 00:41 43158 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-13 23:17 37856 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-19 00:41 37856 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-05 08:46 . 2012-05-19 00:41 10596 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-620895711-2084235608-2404906526-1000_UserData.bin
+ 2011-07-06 08:26 . 2012-05-19 00:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-06 08:26 . 2012-05-13 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-06 08:26 . 2012-05-19 00:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-06 08:26 . 2012-05-13 23:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-13 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-19 00:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-18 21:19 . 2012-05-18 21:19 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_CED7514058048D3B52F543.exe
+ 2012-05-18 21:19 . 2012-05-18 21:19 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_6FEFF9B68218417F98F549.exe
+ 2012-05-18 21:19 . 2012-05-18 21:19 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_5116F7A0A0E7EA8E6764D5.exe
+ 2011-07-11 01:36 . 2012-05-18 22:29 4046 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-11 01:36 . 2012-05-10 20:20 4046 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-19 00:39 . 2012-05-19 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-13 23:15 . 2012-05-13 23:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-19 00:39 . 2012-05-19 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-13 23:15 . 2012-05-13 23:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-01-04 15:12 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-18 16:56 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-05-17 17:16 676078 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-19 00:44 676078 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-19 00:44 130444 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-17 17:16 130444 c:\windows\system32\perfc009.dat
- 2012-04-19 04:14 . 2012-05-13 23:14 237048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-19 04:14 . 2012-05-19 00:34 237048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-05-19 00:34 440160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-13 23:13 440160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-05-18 16:56 8896512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-04 15:12 8896512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-05 13:10 . 2012-05-19 00:34 6951088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-620895711-2084235608-2404906526-1000-12288.dat
- 2009-07-14 04:54 . 2012-01-04 15:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-18 16:56 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-18 21:19 . 2012-05-18 21:19 10426368 c:\windows\Installer\1955a710.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-08-13 107000]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-05-10 38704]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-07 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-24 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-7-6 12862]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\General\AppData\Local\Temp\00527BA.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 DMAgent;IntelR PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
S2 WiMAXAppSrv;IntelR PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-620895711-2084235608-2404906526-1000Core.job
- c:\users\General\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 08:58]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-620895711-2084235608-2404906526-1000UA.job
- c:\users\General\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 08:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\General\AppData\Local\Temp\00527BA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-18 23:34:03
ComboFix-quarantined-files.txt 2012-05-19 03:34
ComboFix2.txt 2012-05-18 19:27
ComboFix3.txt 2012-05-18 02:15
ComboFix4.txt 2012-05-04 23:51
ComboFix5.txt 2012-05-19 03:22
.
Pre-Run: 274,580,062,208 bytes free
Post-Run: 274,195,271,680 bytes free
.
- - End Of File - - 5A17062505BC670AB2BFF24806868500

After using the script, there are still advertisements in the bottom right corner, and there are still redirect issues.
Thank you for the continued support, gringo.
If nothing works out, I can reformat as a last resort.
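Three things in the ComboFix log above are what a responder would look at first: the policies\system values show UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), so anything the user runs already has full administrative rights; the service X6va005 loads from a .tmp file in the user's Temp folder; and the OTL output later in the thread shows an IE search scope pointing at search.conduit.com. The script below is an added example, not part of the thread and not ComboFix's or OTL's own code, that pulls those three classes of indicator out of log text of this shape. Its sample log is constructed from lines like the posted ones, and its allow-list of search hosts is an assumption. Whether a flagged entry is actually malicious still needs a look at the file itself; the log alone does not establish that.

```python
"""Triage helper for ComboFix/OTL-style log excerpts.

Added example for this thread; it is not part of the original posts and is
not ComboFix's or OTL's own code. It scans log text for three things a
responder checks early in a redirect/adware case:
  1. UAC policy values under policies\\system that switch elevation off,
  2. service or driver entries whose image lives under a user Temp folder,
  3. IE SearchScopes URLs whose host is not on a small allow-list.
SAMPLE_LOG is constructed for this example from lines of the same shape as
the posted log; KNOWN_SEARCH_HOSTS is an assumed allow-list.
"""
import re
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 X6va005;X6va005;c:\users\General\AppData\Local\Temp\00527BA.tmp [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
.
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3001739
"""

# A value of 0 for any of these means: UAC off entirely (EnableLUA), admins
# elevate silently (ConsentPromptBehaviorAdmin), or prompts appear on the
# normal desktop where other processes can interact with them
# (PromptOnSecureDesktop).
UAC_ZERO_MEANS_OFF = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

# Assumed allow-list of search hosts for this demo; tune to the environment.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

UAC_RE = re.compile(r'^"(?P<key>\w+)"=\s*(?P<val>\d+)')
# ComboFix service lines look like:  R3 name;display name;image path [x]
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[")
TEMP_RE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
SCOPE_RE = re.compile(r'SearchScopes\\(?P<clsid>\{[^}]+\}):\s*"URL"\s*=\s*(?P<url>\S+)')


def find_uac_weaknesses(log: str) -> list[tuple[str, int]]:
    """Return (value name, value) pairs under policies\\system that are set to 0."""
    findings = []
    in_policy_key = False
    for line in log.splitlines():
        if line.startswith("["):  # a new registry key starts; track whether it is policies\system
            in_policy_key = line.lower().endswith(r"policies\system]")
            continue
        if not in_policy_key:
            continue
        m = UAC_RE.match(line)
        if m and m.group("key") in UAC_ZERO_MEANS_OFF and int(m.group("val")) == 0:
            findings.append((m.group("key"), 0))
    return findings


def find_temp_services(log: str) -> list[tuple[str, str]]:
    """Return (service name, image path) for services or drivers loaded from a user Temp folder."""
    findings = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m and TEMP_RE.search(m.group("path")):
            findings.append((m.group("name"), m.group("path")))
    return findings


def find_unknown_search_scopes(log: str) -> list[tuple[str, str]]:
    """Return (CLSID, host) for IE search scopes whose host is not on the allow-list."""
    findings = []
    for line in log.splitlines():
        m = SCOPE_RE.search(line)
        if not m:
            continue
        host = (urlsplit(m.group("url")).hostname or "").lower()
        if host not in KNOWN_SEARCH_HOSTS:
            findings.append((m.group("clsid"), host))
    return findings


def triage(log: str) -> dict:
    """Run all three checks over one log text and group the hits by category."""
    return {
        "uac_off": find_uac_weaknesses(log),
        "temp_services": find_temp_services(log),
        "unknown_search_scopes": find_unknown_search_scopes(log),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(f"{category}:")
        for hit in hits:
            print("   ", *hit)
```

Run against the real log, the first check reports all three UAC values, the second reports X6va005 with its path under AppData\Local\Temp, and the third reports the conduit scope while the Bing scope passes. The same three conditions, in a different order, are what the helper's later OTL request is meant to confirm.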

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:28 PM

Posted 18 May 2012 - 10:54 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Delphy

Delphy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:28 PM

Posted 18 May 2012 - 11:16 PM

OTL.txt:


OTL logfile created on: 5/19/2012 12:12:31 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\General\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.50 Gb Available Physical Memory | 59.33% Memory free
11.81 Gb Paging File | 9.30 Gb Available in Paging File | 78.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 571.17 Gb Total Space | 255.43 Gb Free Space | 44.72% Space Free | Partition Type: NTFS
Drive E: | 14.89 Gb Total Space | 10.01 Gb Free Space | 67.23% Space Free | Partition Type: FAT32

Computer Name: COMPUTER_NAME | User Name: General | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\General\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe (NCSoft)
PRC - C:\Users\General\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae55e761d480fe15781156d1311a1837\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\649766df70bab5885c1b74a1491d60cb\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll ()
MOD - C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll ()
MOD - C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll ()
MOD - C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll ()
MOD - C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll ()
MOD - C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll ()
MOD - C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll ()
MOD - C:\Program Files (x86)\NCSoft\Launcher\UnRar.Net.dll ()
MOD - C:\Program Files (x86)\NCSoft\Launcher\NC.Logging.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TurboBoost) Intel® -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (bpmp) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (assd) -- C:\Windows\SysNative\drivers\assd.sys (ASUS Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3001739


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3001739
IE - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\General\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\General\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\General\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\General\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\General\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1F30D846-4BEF-4246-B19E-7E503B0E6639}: C:\PROGRAM FILES\FBFLICKER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/08/13 01:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/24 02:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 21:07:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1F30D846-4BEF-4246-B19E-7E503B0E6639}: C:\Program Files\FBFlicker\Firefox

[2012/03/24 11:48:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\General\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\General\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\General\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\General\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\General\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\General\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube Link Title = C:\Users\General\AppData\Local\Google\Chrome\User Data\Default\Extensions\cajnbchkcilklpllmajfogpndbenepph\2012.3.24_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\General\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: 4chan Linkify = C:\Users\General\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibgimhnnojihabceidblpilobdonkih\1.4.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\General\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/12/23 05:52:57 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe (NCSoft)
O4 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-620895711-2084235608-2404906526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FCF8247-614A-49C7-BF06-1CF3AADF3B91}: DhcpNameServer = 128.8.76.2 128.8.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6772663-2119-4135-A90E-8BB86DC7CD18}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 00:37:13 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/18 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\General\AppData\Roaming\ooVoo Details
[2012/05/18 17:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2012/05/18 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2012/05/18 12:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bucksbee Loyalty Plugin - Guppy Media
[2012/05/14 10:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 10:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/14 10:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/10 14:07:48 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 14:07:44 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 14:07:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 14:07:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/03 12:43:51 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/03 12:43:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/03 12:43:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/03 12:43:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/02 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\General\AppData\Local\SniperV2 Demo
[2012/04/23 03:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/04/23 03:12:45 | 000,000,000 | ---D | C] -- C:\Users\General\AppData\Roaming\uTorrent
[2012/04/22 14:34:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/22 14:17:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/22 14:17:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/22 14:17:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/22 14:12:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 23:23:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-620895711-2084235608-2404906526-1000UA.job
[2012/05/18 23:22:01 | 000,001,169 | ---- | M] () -- C:\Users\General\Desktop\ComboFix - Shortcut.lnk
[2012/05/18 20:47:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 20:47:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 20:44:22 | 000,813,134 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/18 20:44:22 | 000,676,078 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/18 20:44:22 | 000,130,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/18 20:39:55 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/05/18 20:39:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 20:39:24 | 462,274,559 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 18:30:46 | 000,002,424 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/05/18 17:19:24 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/05/18 16:05:14 | 000,000,512 | ---- | M] () -- C:\Users\General\Desktop\MBR.dat
[2012/05/18 12:23:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-620895711-2084235608-2404906526-1000Core.job
[2012/05/17 22:21:17 | 000,000,196 | ---- | M] () -- C:\Users\General\defogger_reenable
[2012/05/17 22:00:05 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 17:16:59 | 000,283,806 | ---- | M] () -- C:\Users\General\Documents\SANECHEDEGHAG.png
[2012/05/12 10:33:23 | 000,212,947 | ---- | M] () -- C:\Users\General\Documents\buySAFE guarantee for headphones.png
[2012/05/11 07:07:42 | 000,446,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 16:23:26 | 000,000,331 | ---- | M] () -- C:\Windows\SysWow64\LauncherMetadata.xml
[2012/05/04 21:51:03 | 000,000,969 | ---- | M] () -- C:\Users\General\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/03 12:43:30 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/03 12:43:30 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/03 12:43:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/03 12:43:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/03 12:43:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/01 00:36:11 | 000,013,012 | ---- | M] () -- C:\Users\General\Documents\brazzers-logo-mem.png
[2012/05/01 00:29:03 | 000,949,095 | ---- | M] () -- C:\Users\General\Documents\brazzers1.png
[2012/04/29 15:16:18 | 000,001,516 | ---- | M] () -- C:\Users\General\Desktop\StarCraft II - Shortcut.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/18 23:22:01 | 000,001,169 | ---- | C] () -- C:\Users\General\Desktop\ComboFix - Shortcut.lnk
[2012/05/18 17:19:24 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/05/18 16:05:14 | 000,000,512 | ---- | C] () -- C:\Users\General\Desktop\MBR.dat
[2012/05/17 22:21:17 | 000,000,196 | ---- | C] () -- C:\Users\General\defogger_reenable
[2012/05/17 22:00:05 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 17:15:07 | 000,283,806 | ---- | C] () -- C:\Users\General\Documents\SANECHEDEGHAG.png
[2012/05/12 10:33:23 | 000,212,947 | ---- | C] () -- C:\Users\General\Documents\buySAFE guarantee for headphones.png
[2012/05/10 16:23:26 | 000,000,331 | ---- | C] () -- C:\Windows\SysWow64\LauncherMetadata.xml
[2012/05/04 21:51:03 | 000,000,969 | ---- | C] () -- C:\Users\General\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/01 00:36:15 | 000,013,012 | ---- | C] () -- C:\Users\General\Documents\brazzers-logo-mem.png
[2012/05/01 00:29:03 | 000,949,095 | ---- | C] () -- C:\Users\General\Documents\brazzers1.png
[2012/04/29 15:16:18 | 000,001,516 | ---- | C] () -- C:\Users\General\Desktop\StarCraft II - Shortcut.lnk
[2012/04/22 14:17:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/22 14:17:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/22 14:17:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/22 14:17:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/22 14:17:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/20 23:02:56 | 000,201,012 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/24 14:08:31 | 000,000,000 | ---- | C] () -- C:\ProgramData\2EaXo7.dat
[2011/11/02 09:57:37 | 000,032,936 | ---- | C] () -- C:\Windows\scunin.dat
[2011/10/17 22:41:54 | 000,000,095 | ---- | C] () -- C:\Users\General\AppData\Local\fusioncache.dat
[2011/10/15 15:47:28 | 000,007,606 | ---- | C] () -- C:\Users\General\AppData\Local\Resmon.ResmonCfg
[2011/09/29 11:14:23 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/29 11:14:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/12 10:42:22 | 000,807,350 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/31 19:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/17 01:48:16 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/17 01:47:44 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/17 01:47:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D959E5DF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:DA990ED8

< End of report >

extras.txt has been saved
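
The three things in the OTL log above that actually account for the symptoms are visible without any rootkit scanner: the hosts file (O1) maps www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com to two public addresses, 69.72.252.254 and 184.95.41.155, where an ad-blocking hosts file would use 127.0.0.1 or 0.0.0.0; the policies\System values (O6) show UAC switched off entirely (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0); and the IE default search scope points at search.conduit.com rather than Bing. The script below is an added example, not part of this thread, of OTL or of any tool mentioned here: it pulls those three line types out of an OTL excerpt and flags the findings. The SAMPLE_OTL text is constructed to match the shape of the lines above, and the KNOWN_SEARCH_HOSTS allow-list is an assumption made for the example.

```python
"""Triage an OTL-style log excerpt: hosts hijacks, zeroed UAC policies,
non-default IE search scopes. Added example; SAMPLE_OTL is constructed
from the shape of the log lines, KNOWN_SEARCH_HOSTS is an assumption."""
import ipaddress
import re
from urllib.parse import urlparse

SAMPLE_OTL = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: PromptOnSecureDesktop = 0
IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF
IE - HKLM\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3001739
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^O6 - HKLM\\.*?policies\\System:\s+(\w+)\s*=\s*(\d+)")
SCOPE_RE = re.compile(r'SearchScopes\\\{[^}]+\}: "URL" = (\S+)')

# UAC policy values that, when set to 0, remove the consent prompt or UAC itself
UAC_EXPECTED_NONZERO = {
    "EnableLUA": "UAC disabled; processes of an admin user run fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts no longer use the secure desktop",
}

# Assumption for this example: engines a stock IE install points at
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}


def parse_hosts(text):
    """(ip, hostname) pairs from O1 lines; hostname lower-cased, trailing dot removed."""
    entries = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).rstrip(".").lower()))
    return entries


def suspicious_hosts(text):
    """Hosts entries that send a name to a routable address.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets are what
    ad-blocking hosts files use, so only other targets are flagged.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged.append((ip, name, "redirected to routable address"))
    return flagged


def uac_findings(text):
    """policies\\System values from O6 lines that have been zeroed."""
    found = []
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_EXPECTED_NONZERO and m.group(2) == "0":
            found.append((m.group(1), UAC_EXPECTED_NONZERO[m.group(1)]))
    return found


def search_scope_findings(text):
    """Hosts of SearchScopes URLs outside the (assumed) allow-list."""
    found = []
    for line in text.splitlines():
        m = SCOPE_RE.search(line)
        if m:
            host = urlparse(m.group(1)).hostname
            if host not in KNOWN_SEARCH_HOSTS:
                found.append(host)
    return found


def triage(text):
    """All three checks over one log excerpt, keyed by finding type."""
    return {
        "hosts": suspicious_hosts(text),
        "uac": uac_findings(text),
        "search": search_scope_findings(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_OTL).items():
        print(section)
        for item in items:
            print("  ", item)
```

The hosts check keys on the target address alone, not on the domain, because any routable target in a hosts file is worth a look whatever the name; 127.0.0.1 and 0.0.0.0 mappings are deliberately ignored so an ad-blocking hosts file stays clean while the redirects seen in this log do not. The policy check only reads the policies\System key, so the NoDrives and NoDriveTypeAutoRun values under policies\Explorer in the log are not reported.
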

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:28 PM

Posted 19 May 2012 - 12:29 AM

Please download RogueKiller

Save to the Desktop
Close all windows and browsers
Windows Seven: Right-click the downloaded file and select 'Run as Administrator'
Press: SCAN
A report opens on the Desktop: RKreport.txt

Please copy/paste the RKreport.txt , and provide it in your reply.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right-click on the downloaded icon and select: Rename
Then, rename it to winlogon.exe and try again
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Delphy

Delphy
  • Topic Starter
  • Members
  • 12 posts

Posted 19 May 2012 - 12:34 AM

Here is the report from roguekiller:


RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: General [Admin rights]
Mode: Scan -- Date: 05/19/2012 01:32:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
184.95.41.155 www.google-analytics.com.
184.95.41.155 ad-emea.doubleclick.net.
184.95.41.155 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT1 +++++
--- User ---
[MBR] 67c8deac6d5d3c73803fc27bbcf34b1e
[BSP] 177507aede73c8eab31fee7866ebab1f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 584878 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 9daad8ceaca094c894bec7ec8e76247e
[BSP] 31eb12a84284568ca49c22d5a2448fe2 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 May 2012 - 12:54 AM

On the RogueKiller console, click the Hosts tab.
Make sure the entries there are checked, if there is an option to do so.
Then, press the [HostFix] button.

Please provide the RKreport (Mode: Delete) created on the Desktop.
(The RKreport also opens using the Report button on the console.)

#15 Delphy

Delphy
  • Topic Starter
  • Members
  • 12 posts

Posted 19 May 2012 - 01:03 AM

I went to the hosts tab, and there was nothing to check. However, I did press the HostFix button. Then, I pressed the Report button. Here is the log from that report:


RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: General [Admin rights]
Mode: HOSTSFix -- Date: 05/19/2012 01:58:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
184.95.41.155 www.google-analytics.com.
184.95.41.155 ad-emea.doubleclick.net.
184.95.41.155 www.statcounter.com.


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
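The two HOSTS listings in this report (before and after HostFix) show what RogueKiller flagged: analytics and ad hostnames pointed at remote addresses instead of loopback. As an added example that is not part of the thread or of RogueKiller, here is a small check that parses hosts-file text and flags every non-loopback mapping; the sample text is constructed from the log lines above rather than read from disk.

```python
import ipaddress

# Hosts file contents as shown in the RogueKiller log above
# (constructed sample for this example, not read from the machine).
HIJACKED_HOSTS = """\
127.0.0.1 localhost
::1 localhost
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
184.95.41.155 www.google-analytics.com.
184.95.41.155 ad-emea.doubleclick.net.
184.95.41.155 www.statcounter.com.
"""

# What the file looked like after HostFix, per the second report.
RESET_HOSTS = "127.0.0.1 localhost\n"


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs from hosts-file text.
    Comments and blank lines are skipped; a trailing dot on a fully
    qualified name (as in the log) is normalised away."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, ignore the line
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")


def suspicious_entries(text):
    """Return (ip, name) pairs that map a name to a real, routable
    address. A clean hosts file only maps names to loopback (or to
    0.0.0.0 for deliberate blocking), so anything else deserves a look."""
    flagged = []
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged.append((str(addr), name))
    return flagged


def redirect_targets(text):
    """Distinct remote addresses the hosts file redirects names to."""
    return sorted({ip for ip, _ in suspicious_entries(text)})
```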



