
Malware Infection


  • This topic is locked
27 replies to this topic

#1 Lost4


Posted 24 May 2012 - 07:37 PM

Hello everyone! This is my first time posting on these forums. This is also the first infection I have had that my anti-virus has not been able to clean for me. I use Prevx 3.0, and it has been keeping my new system running smoothly up until now.

My operating system is Windows 7 Ultimate. When I look at basic system information, it says I am running a 64 bit operating system. However, I have been told I have a 86bit OS, meaning that I have both 32 bit and 64 bit capabilities (or so I'm told).

I am constantly getting a notice of infection of a file: C:\Windows\Installer\{0428e6d0-54ce-1235-1690-0f571fd951b}\0100000008.@

Prevx is not able to remove this file. It seems to be able to block it every 5 minutes, but cannot remove it completely. I have also downloaded Malwarebytes, and ran both of these malware remover tools, separately, in and out of safe mode. No luck.

When I log in to my Prevx account there is additional information:

TROJAN.GEN

80000032.@

%windir%\installer\{GUID}\u\

I read the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help Thread. It told me to download DDS and post both of the logs here. I have done so, however I had some issues in my attempt to use the GMER.exe, most of the boxes that need to be checked are greyed out and cannot be checked. This is the reason why I have not included that information.



#2 gringo_pr


Posted 24 May 2012 - 11:39 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Lost4


Posted 25 May 2012 - 12:33 AM

Hello, and thank you for the reply Gringo. I have downloaded both programs and ran them both as instructed.

After running securitycheck a notepad file did not pop up, a few flashes of white text appear almost too quick to read and the program ends. I also attempted to do a search for checkup.txt, but it was not saved.

I also attempted to run Combofix, after disabling my anti-virus. That began an install, and once the install bar finished, nothing happened. I have waited about 10 minutes, and I don't believe anything is happening. Should I try it in safe mode? Probably a dumb question, but I'm afraid to ruin my HD, and I have heard that this program can be dangerous in inexperienced hands such as mine.

#4 gringo_pr


Posted 25 May 2012 - 12:42 AM

Restart the computer and try once more.


gringo

#5 Lost4


Posted 25 May 2012 - 12:52 AM

I did two restarts. My first restart was to try and execute these programs in safe mode; neither of them appears on my desktop, or in my search bar, while in safe mode.

After that I did a normal boot, and the same thing as before happened. Security Check ran, but no text file popped up after, and Combofix also did the same thing: install bar finished, hangs for a moment and then exits.

#6 gringo_pr


Posted 25 May 2012 - 12:56 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#7 Lost4


Posted 25 May 2012 - 01:22 AM

Scan result of Farbar Recovery Scan Tool Version: 25-05-2012
Ran by SYSTEM at 25-05-2012 01:12:31
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [PrevxCSI] "C:\Program Files\Prevx\prevx.exe" /bootupreg [6746280 2010-11-26] (Prevx)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TaskTray] [x]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-07] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Ravage\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKU\Ravage\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-08] ()
HKU\Ravage\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Ravage\...\Run: [Google Update] "C:\Users\Ravage\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-19] (Google Inc.)
HKU\Ravage\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

==================== Services (Whitelisted) ======

2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6746280 2010-11-26] (Prevx)
3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --get-config [2343816 2012-02-07] (LogMeIn Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-24] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2012-05-02] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-09-23] ()
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [283824 2009-09-23] (Intel Corporation)
3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [58112 2007-05-15] (Eugene V. Muzychenko)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2010-02-03] (LogMeIn, Inc.)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [33792 2005-03-09] ()
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-09-23] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 pxkbf; C:\Windows\System32\Drivers\pxkbf.sys [24024 2012-05-24] (Prevx)
1 pxrts; C:\Windows\System32\Drivers\pxrts.sys [65736 2012-05-24] (Prevx)
4 pxscan; C:\Windows\System32\Drivers\pxscan.sys [36384 2012-05-24] (Prevx)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-03-23] (Duplex Secure Ltd.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz130; \??\C:\Users\Ravage\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 ECSIoDriver_1_1_0_0; \??\C:\Users\Ravage\AppData\Local\Temp\is-C6B8R.tmp\ECSIoDriverX64.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 XPADFL02; C:\Windows\System32\DRIVERS\xpadfl02.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-25 01:12 - 2012-05-25 01:12 - 0000000 ____D C:\FRST
2012-05-24 22:04 - 2012-05-24 22:04 - 1394807 ____A C:\Users\Ravage\Downloads\FRST64.exe
2012-05-24 21:17 - 2012-05-24 21:49 - 0000000 ___SD C:\32788R22FWJFW
2012-05-24 21:16 - 2012-05-24 21:16 - 4526596 ____R (Swearware) C:\Users\Ravage\Desktop\ComboFix (1).exe
2012-05-24 21:14 - 2012-05-24 21:14 - 0852401 ____A C:\Users\Ravage\Desktop\SecurityCheck.exe
2012-05-24 15:54 - 2011-07-16 19:21 - 0302592 ____A C:\Users\Ravage\Desktop\gmer.exe
2012-05-24 15:53 - 2012-05-24 15:53 - 0294216 ____A C:\Users\Ravage\Downloads\gmer.zip
2012-05-24 15:52 - 2012-05-24 15:52 - 0302592 ____A C:\Users\Ravage\Downloads\mmjerjn8.exe
2012-05-24 15:47 - 2012-05-24 15:47 - 0002162 ____A C:\Users\Ravage\Desktop\mbam-log-2012-05-24 (06-45-25).txt
2012-05-24 15:24 - 2012-05-24 15:24 - 0015788 ____A C:\Users\Ravage\Desktop\DDS.txt
2012-05-24 15:24 - 2012-05-24 15:24 - 0013714 ____A C:\Users\Ravage\Desktop\Attach.txt
2012-05-24 15:15 - 2012-05-24 15:15 - 0607260 ____R (Swearware) C:\Users\Ravage\Downloads\dds.scr
2012-05-24 14:00 - 2012-05-24 14:18 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-24 14:00 - 2012-05-24 14:01 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-24 14:00 - 2012-05-24 14:00 - 0001258 ____A C:\Users\Ravage\Desktop\Spybot - Search & Destroy.lnk
2012-05-24 13:59 - 2012-05-24 13:59 - 16409960 ____A (Safer Networking Limited ) C:\Users\Ravage\Desktop\spybotsd162.exe
2012-05-24 13:46 - 2012-05-24 13:47 - 4525926 ____A (Swearware) C:\Users\Ravage\Downloads\ComboFix.exe
2012-05-24 13:22 - 2012-05-24 13:22 - 1082543 ____A C:\Users\Ravage\Desktop\prevxscan.log
2012-05-24 00:00 - 2012-05-24 00:00 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-24 00:00 - 2012-05-24 00:00 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-23 23:02 - 2012-05-23 23:02 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-23 23:01 - 2012-05-24 21:47 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-21 11:15 - 2012-05-21 11:15 - 0000000 ____D C:\Users\Ravage\Downloads\Game of Thrones S02E08 HDTV x264-ASAP[ettv]
2012-05-20 20:38 - 2012-05-20 20:38 - 0000355 ____A C:\Users\Ravage\Homegroup - Shortcut.lnk
2012-05-20 00:03 - 2012-05-20 00:03 - 0071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
2012-05-20 00:03 - 2012-05-20 00:03 - 0065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
2012-05-19 02:29 - 2012-05-24 21:34 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-337447031-1748316219-1097632974-1000UA.job
2012-05-19 02:29 - 2012-05-24 02:34 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-337447031-1748316219-1097632974-1000Core.job
2012-05-19 02:29 - 2012-05-19 02:30 - 0000000 ____D C:\Users\Ravage\AppData\Local\Google
2012-05-18 02:59 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-18 02:59 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-18 02:59 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-18 02:59 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-18 02:59 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-18 02:59 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-18 02:59 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-18 02:58 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-15 19:40 - 2012-05-15 19:40 - 0000020 ____A C:\Users\Ravage\Desktop\Diablo 3 friends list.txt
2012-05-15 12:37 - 2012-05-24 17:15 - 0000000 ____D C:\Users\Ravage\Documents\Diablo III
2012-05-15 11:56 - 2012-05-15 12:37 - 0000000 ____D C:\Program Files (x86)\Diablo III
2012-05-15 11:56 - 2012-05-15 12:11 - 0001189 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 11:53 - 2012-05-15 11:53 - 0000000 ____D C:\Users\All Users\Battle.net
2012-05-13 20:14 - 2012-05-13 20:22 - 0000000 ____D C:\Users\Ravage\Downloads\Game of Thrones S02E07 HDTV x264-ASAP[ettv]
2012-05-13 15:06 - 2012-05-13 15:17 - 0000000 ____D C:\Users\Ravage\Downloads\The Avengers 2012 Cam Cropped XviD Feel-Free
2012-05-13 12:01 - 2012-05-13 12:01 - 0000000 ____D C:\Users\All Users\RELOADED
2012-05-13 11:57 - 2012-05-13 11:57 - 0000924 ____A C:\Users\Public\Desktop\Warlock - Master of the Arcane.lnk
2012-05-13 11:56 - 2012-05-13 11:58 - 0000000 ____D C:\Program Files (x86)\Warlock - Master of the Arcane
2012-05-13 02:18 - 2012-05-13 02:18 - 8572602 ____A C:\Users\Ravage\Desktop\Olove - Mental State.mp3
2012-05-13 02:18 - 2012-05-13 02:18 - 7454562 ____A C:\Users\Ravage\Desktop\Olove - Cloud Theory.mp3
2012-05-12 03:15 - 2012-05-12 03:15 - 0000000 ____D C:\Users\Ravage\Downloads\Sage Francis - Li(f)e (2010)
2012-05-12 01:45 - 2012-05-12 01:45 - 0058437 ____A C:\Users\Ravage\Desktop\169019_1670446634261_1030208168_31627420_8044361_n.jpg
2012-05-11 18:36 - 2012-05-11 18:36 - 8722725 ____A C:\Users\Ravage\Desktop\Exit Call.mp3
2012-05-06 16:41 - 2012-05-06 16:41 - 0001770 ____A C:\Users\Ravage\Desktop\RaccoonCity.lnk
2012-05-03 19:54 - 2012-05-03 19:54 - 0000151 ____A C:\Windows\PhotoSnapViewer.INI
2012-05-02 16:54 - 2012-05-02 16:54 - 0001596 ____A C:\Users\Ravage\Desktop\FarCry2.lnk
2012-05-01 22:44 - 2012-05-01 22:47 - 0000000 ____D C:\Users\Ravage\Documents\Syndicate
2012-05-01 22:43 - 2012-05-01 22:43 - 0002409 ____A C:\Users\Public\Desktop\Syndicate.lnk
2012-05-01 21:02 - 2012-05-01 21:02 - 0000000 ____D C:\Users\Ravage\AppData\Local\Risen2
2012-05-01 20:38 - 2012-05-01 20:38 - 0001325 ____A C:\Users\Public\Desktop\Risen 2 Dark Waters.lnk
2012-04-26 01:05 - 2012-04-26 01:05 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-26 01:05 - 2012-04-26 01:05 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

============ 3 Months Modified Files and Folders =============

2012-05-25 01:12 - 2012-05-25 01:12 - 0000000 ____D C:\FRST
2012-05-24 22:09 - 2010-09-12 09:29 - 1419621 ____A C:\Windows\WindowsUpdate.log
2012-05-24 22:08 - 2010-09-04 01:07 - 0000000 ____D C:\Users\Ravage\AppData\Local\PMB Files
2012-05-24 22:05 - 2009-07-13 21:13 - 0793346 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-24 22:04 - 2012-05-24 22:04 - 1394807 ____A C:\Users\Ravage\Downloads\FRST64.exe
2012-05-24 21:54 - 2009-07-13 20:45 - 0014736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-24 21:54 - 2009-07-13 20:45 - 0014736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-24 21:50 - 2010-10-09 22:57 - 0000000 ____D C:\Users\Ravage\AppData\Local\LogMeIn Hamachi
2012-05-24 21:49 - 2012-05-24 21:17 - 0000000 ___SD C:\32788R22FWJFW
2012-05-24 21:48 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-24 21:47 - 2012-05-23 23:01 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-24 21:47 - 2010-09-04 23:20 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-24 21:47 - 2009-07-13 21:08 - 0032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-24 21:46 - 2011-12-29 09:41 - 2140495872 __ASH C:\hiberfil.sys
2012-05-24 21:46 - 2011-11-30 10:28 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-05-24 21:46 - 2010-10-02 07:30 - 0064141 ____A C:\Windows\setupact.log
2012-05-24 21:44 - 2011-11-25 00:59 - 98372820 ____A C:\Windows\ntbtlog.txt
2012-05-24 21:34 - 2012-05-19 02:29 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-337447031-1748316219-1097632974-1000UA.job
2012-05-24 21:16 - 2012-05-24 21:16 - 4526596 ____R (Swearware) C:\Users\Ravage\Desktop\ComboFix (1).exe
2012-05-24 21:14 - 2012-05-24 21:14 - 0852401 ____A C:\Users\Ravage\Desktop\SecurityCheck.exe
2012-05-24 21:13 - 2010-09-03 22:01 - 0000000 ____D C:\Users\Ravage\AppData\Roaming\vlc
2012-05-24 17:15 - 2012-05-15 12:37 - 0000000 ____D C:\Users\Ravage\Documents\Diablo III
2012-05-24 15:53 - 2012-05-24 15:53 - 0294216 ____A C:\Users\Ravage\Downloads\gmer.zip
2012-05-24 15:52 - 2012-05-24 15:52 - 0302592 ____A C:\Users\Ravage\Downloads\mmjerjn8.exe
2012-05-24 15:47 - 2012-05-24 15:47 - 0002162 ____A C:\Users\Ravage\Desktop\mbam-log-2012-05-24 (06-45-25).txt
2012-05-24 15:40 - 2010-09-03 21:03 - 0000000 ____D C:\Users\All Users\PrevxCSI
2012-05-24 15:37 - 2010-09-05 18:25 - 0000000 ____D C:\Users\Ravage\AppData\Roaming\DAEMON Tools Lite
2012-05-24 15:28 - 2010-10-10 09:17 - 0743702 ____A C:\Windows\PFRO.log
2012-05-24 15:24 - 2012-05-24 15:24 - 0015788 ____A C:\Users\Ravage\Desktop\DDS.txt
2012-05-24 15:24 - 2012-05-24 15:24 - 0013714 ____A C:\Users\Ravage\Desktop\Attach.txt
2012-05-24 15:15 - 2012-05-24 15:15 - 0607260 ____R (Swearware) C:\Users\Ravage\Downloads\dds.scr
2012-05-24 14:18 - 2012-05-24 14:00 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-24 14:01 - 2012-05-24 14:00 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-24 14:00 - 2012-05-24 14:00 - 0001258 ____A C:\Users\Ravage\Desktop\Spybot - Search & Destroy.lnk
2012-05-24 13:59 - 2012-05-24 13:59 - 16409960 ____A (Safer Networking Limited ) C:\Users\Ravage\Desktop\spybotsd162.exe
2012-05-24 13:47 - 2012-05-24 13:46 - 4525926 ____A (Swearware) C:\Users\Ravage\Downloads\ComboFix.exe
2012-05-24 13:22 - 2012-05-24 13:22 - 1082543 ____A C:\Users\Ravage\Desktop\prevxscan.log
2012-05-24 10:40 - 2010-09-03 21:15 - 0065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
2012-05-24 10:40 - 2010-09-03 21:15 - 0062976 ____A (Prevx) C:\Windows\SysWOW64\PxSecure.dll
2012-05-24 10:40 - 2010-09-03 21:15 - 0036384 ____A (Prevx) C:\Windows\System32\Drivers\pxscan.sys
2012-05-24 10:40 - 2010-09-03 21:15 - 0024024 ____A (Prevx) C:\Windows\System32\Drivers\pxkbf.sys
2012-05-24 02:34 - 2012-05-19 02:29 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-337447031-1748316219-1097632974-1000Core.job
2012-05-24 00:00 - 2012-05-24 00:00 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-24 00:00 - 2012-05-24 00:00 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-23 23:02 - 2012-05-23 23:02 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-23 23:01 - 2012-04-06 04:42 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-23 23:01 - 2011-05-24 08:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-23 11:02 - 2010-09-04 12:15 - 0000000 ____D C:\Users\Ravage\AppData\Local\ApplicationHistory
2012-05-22 02:24 - 2011-11-08 20:20 - 0000000 ____D C:\Program Files\PeerBlock
2012-05-21 22:33 - 2010-09-03 20:19 - 0000000 ____D C:\Users\Ravage\AppData\Roaming\uTorrent
2012-05-21 11:15 - 2012-05-21 11:15 - 0000000 ____D C:\Users\Ravage\Downloads\Game of Thrones S02E08 HDTV x264-ASAP[ettv]
2012-05-20 20:38 - 2012-05-20 20:38 - 0000355 ____A C:\Users\Ravage\Homegroup - Shortcut.lnk
2012-05-20 20:38 - 2010-09-03 20:28 - 0000000 ____D C:\users\Ravage
2012-05-20 00:03 - 2012-05-20 00:03 - 0071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
2012-05-20 00:03 - 2012-05-20 00:03 - 0065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
2012-05-19 02:30 - 2012-05-19 02:29 - 0000000 ____D C:\Users\Ravage\AppData\Local\Google
2012-05-18 07:49 - 2009-07-13 20:45 - 0275064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-18 03:08 - 2010-09-03 20:16 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-18 03:00 - 2009-07-13 23:46 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-15 19:40 - 2012-05-15 19:40 - 0000020 ____A C:\Users\Ravage\Desktop\Diablo 3 friends list.txt
2012-05-15 12:37 - 2012-05-15 11:56 - 0000000 ____D C:\Program Files (x86)\Diablo III
2012-05-15 12:23 - 2010-10-11 18:10 - 0000000 ____D C:\Program Files (x86)\Capcom
2012-05-15 12:11 - 2012-05-15 11:56 - 0001189 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 11:53 - 2012-05-15 11:53 - 0000000 ____D C:\Users\All Users\Battle.net
2012-05-14 08:30 - 2010-09-04 12:17 - 0000000 ____D C:\Users\Ravage\AppData\Local\Turbine
2012-05-13 20:22 - 2012-05-13 20:14 - 0000000 ____D C:\Users\Ravage\Downloads\Game of Thrones S02E07 HDTV x264-ASAP[ettv]
2012-05-13 15:17 - 2012-05-13 15:06 - 0000000 ____D C:\Users\Ravage\Downloads\The Avengers 2012 Cam Cropped XviD Feel-Free
2012-05-13 12:01 - 2012-05-13 12:01 - 0000000 ____D C:\Users\All Users\RELOADED
2012-05-13 11:58 - 2012-05-13 11:56 - 0000000 ____D C:\Program Files (x86)\Warlock - Master of the Arcane
2012-05-13 11:57 - 2012-05-13 11:57 - 0000924 ____A C:\Users\Public\Desktop\Warlock - Master of the Arcane.lnk
2012-05-13 02:18 - 2012-05-13 02:18 - 8572602 ____A C:\Users\Ravage\Desktop\Olove - Mental State.mp3
2012-05-13 02:18 - 2012-05-13 02:18 - 7454562 ____A C:\Users\Ravage\Desktop\Olove - Cloud Theory.mp3
2012-05-12 03:15 - 2012-05-12 03:15 - 0000000 ____D C:\Users\Ravage\Downloads\Sage Francis - Li(f)e (2010)
2012-05-12 01:45 - 2012-05-12 01:45 - 0058437 ____A C:\Users\Ravage\Desktop\169019_1670446634261_1030208168_31627420_8044361_n.jpg
2012-05-11 18:36 - 2012-05-11 18:36 - 8722725 ____A C:\Users\Ravage\Desktop\Exit Call.mp3
2012-05-09 16:12 - 2010-09-04 12:23 - 0000000 ____D C:\Users\Ravage\Documents\The Lord of the Rings Online
2012-05-06 16:41 - 2012-05-06 16:41 - 0001770 ____A C:\Users\Ravage\Desktop\RaccoonCity.lnk
2012-05-06 16:41 - 2010-09-06 11:49 - 0000000 ____D C:\Users\Ravage\Documents\CAPCOM
2012-05-06 16:40 - 2010-10-12 10:21 - 0607273 ____A C:\Windows\DirectX.log
2012-05-06 16:23 - 2010-09-03 20:55 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-06 13:21 - 2012-04-09 07:29 - 0000000 ____D C:\Users\Ravage\AppData\Roaming\DarknessII
2012-05-05 08:14 - 2012-04-13 10:14 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-03 19:54 - 2012-05-03 19:54 - 0000151 ____A C:\Windows\PhotoSnapViewer.INI
2012-05-02 16:54 - 2012-05-02 16:54 - 0001596 ____A C:\Users\Ravage\Desktop\FarCry2.lnk
2012-05-02 16:54 - 2010-09-03 21:42 - 0000000 ____D C:\Users\Ravage\Documents\My Games
2012-05-02 16:45 - 2010-09-05 21:23 - 0107832 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-05-02 16:45 - 2010-09-05 21:23 - 0107832 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-05-02 16:45 - 2010-09-05 21:22 - 2250024 ____A C:\Windows\SysWOW64\pbsvc.exe
2012-05-02 16:41 - 2011-08-25 15:43 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-05-01 22:47 - 2012-05-01 22:44 - 0000000 ____D C:\Users\Ravage\Documents\Syndicate
2012-05-01 22:43 - 2012-05-01 22:43 - 0002409 ____A C:\Users\Public\Desktop\Syndicate.lnk
2012-05-01 22:30 - 2010-10-13 00:12 - 0000000 ____D C:\Program Files (x86)\EA Games
2012-05-01 21:02 - 2012-05-01 21:02 - 0000000 ____D C:\Users\Ravage\AppData\Local\Risen2
2012-05-01 21:02 - 2010-09-14 17:49 - 0000000 ____D C:\Users\Ravage\AppData\Local\SKIDROW
2012-05-01 20:38 - 2012-05-01 20:38 - 0001325 ____A C:\Users\Public\Desktop\Risen 2 Dark Waters.lnk
2012-05-01 20:25 - 2010-09-20 11:21 - 0000000 ____D C:\Program Files (x86)\Deep Silver
2012-04-29 03:12 - 2010-09-04 17:41 - 0000000 ____D C:\Users\Ravage\AppData\Local\ElevatedDiagnostics
2012-04-26 01:05 - 2012-04-26 01:05 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-26 01:05 - 2012-04-26 01:05 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 01:05 - 2010-09-03 20:23 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-20 15:45 - 2011-11-02 21:17 - 0000000 ____D C:\Users\Ravage\AppData\Roaming\Tropico 4
2012-04-11 09:38 - 2012-04-11 09:38 - 0001565 ____A C:\Users\Ravage\Desktop\Tropico4 - Shortcut.lnk
2012-04-11 07:32 - 2010-09-26 21:01 - 0000000 ____D C:\Users\Ravage\Desktop\PC games
2012-04-09 18:17 - 2012-02-04 01:03 - 0001759 ____A C:\Users\Ravage\Desktop\The Sims 3.lnk
2012-04-09 18:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-09 17:57 - 2010-09-05 21:10 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2012-04-09 07:28 - 2012-04-09 07:28 - 0001592 ____A C:\Users\Ravage\Desktop\Darkness II.lnk
2012-04-09 07:17 - 2012-04-09 07:17 - 0000000 ____D C:\Program Files (x86)\2K Games
2012-04-07 22:01 - 2010-10-09 20:47 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-07 22:01 - 2010-09-21 20:52 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-07 22:01 - 2010-09-21 20:50 - 0000000 ____D C:\Users\Ravage\AppData\Local\Adobe
2012-04-04 12:56 - 2010-09-12 00:15 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 22:05 - 2012-05-18 02:59 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-18 02:59 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-18 02:59 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-18 02:59 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-18 02:58 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 10:07 - 2012-03-29 10:07 - 0000000 ____D C:\Users\Ravage\Documents\Remedy
2012-03-29 09:58 - 2012-03-29 09:58 - 0002151 ____A C:\Users\Public\Desktop\Alan Wake.lnk
2012-03-29 09:52 - 2012-03-29 09:52 - 0000000 ____D C:\Program Files (x86)\Remedy Entertainment
2012-03-23 01:13 - 2012-03-23 01:13 - 0001700 ____A C:\Users\Ravage\Desktop\Reckoning - Shortcut.lnk
2012-03-23 00:46 - 2012-03-23 00:46 - 0000000 ____D C:\Users\Ravage\AppData\Local\BigHugeEngine
2012-03-23 00:20 - 2012-03-23 00:20 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-03-23 00:20 - 2010-09-05 18:26 - 0564792 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-03-22 14:55 - 2012-03-22 14:55 - 0000000 ____D C:\Users\Ravage\AppData\Local\SCE
2012-03-22 07:52 - 2012-03-22 07:52 - 0000221 ____A C:\Users\Ravage\Desktop\DC Universe Online.url
2012-03-20 19:00 - 2011-07-15 08:35 - 0000000 ____D C:\Program Files (x86)\Total War Shogun 2
2012-03-18 00:46 - 2010-09-04 00:46 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2012-03-16 23:58 - 2012-05-18 02:59 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-11 04:20 - 2012-03-11 04:20 - 0000000 ____D C:\Users\Ravage\Documents\Red Kawa
2012-03-11 04:20 - 2012-03-11 04:20 - 0000000 ____D C:\Users\Ravage\AppData\Roaming\Red Kawa
2012-03-08 22:26 - 2011-08-29 22:11 - 0000000 ____D C:\Users\Ravage\AppData\Local\dxhr
2012-03-08 03:55 - 2012-03-08 03:55 - 0001284 ____A C:\Users\Ravage\Desktop\MassEffect3.lnk
2012-03-08 03:55 - 2010-09-06 17:33 - 0000000 ____D C:\Users\Ravage\Documents\BioWare
2012-03-08 03:52 - 2012-03-08 03:34 - 0000000 ____D C:\Users\Ravage\Desktop\ME3!
2012-03-07 16:41 - 2010-11-03 01:05 - 0000000 ____D C:\Nexon
2012-03-06 14:51 - 2012-03-06 14:51 - 0000000 ____D C:\Windows\lhsp
2012-03-06 14:51 - 2012-03-06 14:51 - 0000000 ____D C:\Program Files (x86)\CFS-Technologies
2012-03-06 14:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-03-06 14:45 - 2012-03-06 14:45 - 0000000 ____D C:\Program Files (x86)\Microsoft Speech SDK 5.1
2012-03-05 19:24 - 2012-03-05 19:23 - 0000000 ____D C:\Program Files\Virtual Audio Cable
2012-03-05 18:34 - 2012-03-05 18:33 - 0001374 ____A C:\Users\Ravage\Desktop\Ventrilo - Shortcut.lnk
2012-03-05 18:33 - 2010-09-03 20:18 - 0000000 ____D C:\Program Files\Ventrilo
2012-03-04 10:54 - 2010-09-03 20:19 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-02 22:35 - 2012-05-18 02:59 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-18 02:59 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-29 22:46 - 2012-04-11 20:49 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 20:49 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 20:49 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 20:49 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 20:49 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 20:49 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 20:49 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-12 20:43 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-12 20:43 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-12 20:43 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-12 20:43 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-12 20:43 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-12 20:43 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-12 20:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-12 20:43 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-12 20:43 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-12 20:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-12 20:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-12 20:43 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-12 20:43 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:54 - 2010-09-03 20:28 - 0787070 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-27 17:52 - 2012-04-12 20:43 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-12 20:43 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-12 20:43 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-12 20:43 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-12 20:43 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 20:43 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-12 20:43 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-12 20:43 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 20:43 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-12 20:43 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-12 20:43 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 20:43 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 20:43 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8183.12 MB
Available physical RAM: 7387.39 MB
Total Pagefile: 8181.27 MB
Available Pagefile: 7373.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.41 GB) (Free:20.98 GB) NTFS
3 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Fixed) (Total:465.66 GB) (Free:14.3 GB) NTFS
6 Drive h: (GS Drive) (Removable) (Total:7.47 GB) (Free:7.4 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 465 GB 0 B
Disk 2 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7647 MB 40 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H GS Drive NTFS Removable 7647 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-19 03:19

======================= End Of Log ==========================

#8 gringo_pr

  • Malware Response Team

Posted 25 May 2012 - 01:29 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Lost4


Posted 25 May 2012 - 02:14 AM

01:39:12.0035 1356 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
01:39:12.0051 1356 ============================================================
01:39:12.0051 1356 Current date / time: 2012/05/25 01:39:12.0051
01:39:12.0051 1356 SystemInfo:
01:39:12.0051 1356
01:39:12.0051 1356 OS Version: 6.1.7601 ServicePack: 1.0
01:39:12.0051 1356 Product type: Workstation
01:39:12.0051 1356 ComputerName: EXCALIBUR
01:39:12.0051 1356 UserName: Ravage
01:39:12.0051 1356 Windows directory: C:\Windows
01:39:12.0051 1356 System windows directory: C:\Windows
01:39:12.0051 1356 Running under WOW64
01:39:12.0051 1356 Processor architecture: Intel x64
01:39:12.0051 1356 Number of processors: 4
01:39:12.0051 1356 Page size: 0x1000
01:39:12.0051 1356 Boot type: Normal boot
01:39:12.0051 1356 ============================================================
01:39:13.0112 1356 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:39:13.0127 1356 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:39:13.0143 1356 Drive \Device\Harddisk2\DR2 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:39:13.0143 1356 ============================================================
01:39:13.0143 1356 \Device\Harddisk0\DR0:
01:39:13.0143 1356 MBR partitions:
01:39:13.0143 1356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:39:13.0143 1356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
01:39:13.0143 1356 \Device\Harddisk1\DR1:
01:39:13.0143 1356 MBR partitions:
01:39:13.0143 1356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:39:13.0143 1356 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
01:39:13.0143 1356 \Device\Harddisk2\DR2:
01:39:13.0143 1356 MBR partitions:
01:39:13.0143 1356 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x50, BlocksNum 0xEEFFB0
01:39:13.0143 1356 ============================================================
01:39:13.0205 1356 C: <-> \Device\Harddisk0\DR0\Partition1
01:39:13.0221 1356 E: <-> \Device\Harddisk1\DR1\Partition0
01:39:13.0236 1356 F: <-> \Device\Harddisk1\DR1\Partition1
01:39:13.0236 1356 ============================================================
01:39:13.0236 1356 Initialize success
01:39:13.0236 1356 ============================================================
01:39:24.0484 2508 ============================================================
01:39:24.0484 2508 Scan started
01:39:24.0484 2508 Mode: Manual;
01:39:24.0484 2508 ============================================================
01:39:25.0124 2508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:39:25.0124 2508 1394ohci - ok
01:39:25.0170 2508 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:39:25.0186 2508 ACPI - ok
01:39:25.0202 2508 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:39:25.0202 2508 AcpiPmi - ok
01:39:25.0280 2508 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:39:25.0280 2508 AdobeFlashPlayerUpdateSvc - ok
01:39:25.0342 2508 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:39:25.0358 2508 adp94xx - ok
01:39:25.0358 2508 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:39:25.0373 2508 adpahci - ok
01:39:25.0389 2508 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:39:25.0389 2508 adpu320 - ok
01:39:25.0420 2508 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:39:25.0420 2508 AeLookupSvc - ok
01:39:25.0467 2508 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:39:25.0482 2508 AFD - ok
01:39:25.0529 2508 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:39:25.0529 2508 agp440 - ok
01:39:25.0560 2508 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:39:25.0560 2508 ALG - ok
01:39:25.0576 2508 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:39:25.0576 2508 aliide - ok
01:39:25.0592 2508 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:39:25.0592 2508 amdide - ok
01:39:25.0623 2508 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:39:25.0623 2508 AmdK8 - ok
01:39:25.0638 2508 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:39:25.0638 2508 AmdPPM - ok
01:39:25.0670 2508 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:39:25.0670 2508 amdsata - ok
01:39:25.0701 2508 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:39:25.0701 2508 amdsbs - ok
01:39:25.0716 2508 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:39:25.0716 2508 amdxata - ok
01:39:25.0748 2508 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:39:25.0748 2508 AppID - ok
01:39:25.0763 2508 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:39:25.0763 2508 AppIDSvc - ok
01:39:25.0810 2508 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:39:25.0810 2508 Appinfo - ok
01:39:25.0841 2508 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
01:39:25.0841 2508 AppMgmt - ok
01:39:25.0872 2508 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:39:25.0872 2508 arc - ok
01:39:25.0872 2508 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:39:25.0872 2508 arcsas - ok
01:39:25.0982 2508 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:39:25.0982 2508 aspnet_state - ok
01:39:26.0013 2508 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:39:26.0013 2508 AsyncMac - ok
01:39:26.0013 2508 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:39:26.0013 2508 atapi - ok
01:39:26.0075 2508 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
01:39:26.0075 2508 atksgt - ok
01:39:26.0122 2508 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:39:26.0138 2508 AudioEndpointBuilder - ok
01:39:26.0153 2508 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:39:26.0153 2508 AudioSrv - ok
01:39:26.0200 2508 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:39:26.0200 2508 AxInstSV - ok
01:39:26.0247 2508 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:39:26.0247 2508 b06bdrv - ok
01:39:26.0294 2508 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:39:26.0294 2508 b57nd60a - ok
01:39:26.0340 2508 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:39:26.0356 2508 BDESVC - ok
01:39:26.0356 2508 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:39:26.0356 2508 Beep - ok
01:39:26.0418 2508 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
01:39:26.0450 2508 BITS - ok
01:39:26.0450 2508 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:39:26.0465 2508 blbdrive - ok
01:39:26.0496 2508 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:39:26.0496 2508 bowser - ok
01:39:26.0512 2508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:39:26.0512 2508 BrFiltLo - ok
01:39:26.0528 2508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:39:26.0528 2508 BrFiltUp - ok
01:39:26.0543 2508 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:39:26.0543 2508 BridgeMP - ok
01:39:26.0590 2508 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:39:26.0590 2508 Browser - ok
01:39:26.0606 2508 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:39:26.0606 2508 Brserid - ok
01:39:26.0621 2508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:39:26.0621 2508 BrSerWdm - ok
01:39:26.0637 2508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:39:26.0637 2508 BrUsbMdm - ok
01:39:26.0637 2508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:39:26.0637 2508 BrUsbSer - ok
01:39:26.0652 2508 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:39:26.0652 2508 BTHMODEM - ok
01:39:26.0668 2508 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:39:26.0668 2508 bthserv - ok
01:39:26.0668 2508 catchme - ok
01:39:26.0684 2508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:39:26.0684 2508 cdfs - ok
01:39:26.0699 2508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:39:26.0699 2508 cdrom - ok
01:39:26.0746 2508 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:39:26.0746 2508 CertPropSvc - ok
01:39:26.0762 2508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:39:26.0762 2508 circlass - ok
01:39:26.0777 2508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:39:26.0777 2508 CLFS - ok
01:39:26.0808 2508 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:39:26.0808 2508 clr_optimization_v2.0.50727_32 - ok
01:39:26.0840 2508 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:39:26.0840 2508 clr_optimization_v2.0.50727_64 - ok
01:39:26.0918 2508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:39:26.0918 2508 clr_optimization_v4.0.30319_32 - ok
01:39:26.0933 2508 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:39:26.0933 2508 clr_optimization_v4.0.30319_64 - ok
01:39:26.0949 2508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:39:26.0949 2508 CmBatt - ok
01:39:26.0949 2508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:39:26.0949 2508 cmdide - ok
01:39:27.0011 2508 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:39:27.0011 2508 CNG - ok
01:39:27.0027 2508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:39:27.0027 2508 Compbatt - ok
01:39:27.0089 2508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:39:27.0089 2508 CompositeBus - ok
01:39:27.0089 2508 COMSysApp - ok
01:39:27.0167 2508 cpuz130 - ok
01:39:27.0230 2508 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
01:39:27.0230 2508 cpuz135 - ok
01:39:27.0230 2508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:39:27.0230 2508 crcdisk - ok
01:39:27.0261 2508 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
01:39:27.0261 2508 CryptSvc - ok
01:39:27.0292 2508 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:39:27.0308 2508 CSC - ok
01:39:27.0339 2508 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
01:39:27.0354 2508 CscService - ok
01:39:27.0620 2508 CSIScanner (5131d2469b6b19dc20b446ebe43ebb79) C:\Program Files\Prevx\prevx.exe
01:39:27.0651 2508 CSIScanner - ok
01:39:27.0776 2508 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
01:39:27.0776 2508 DAUpdaterSvc - ok
01:39:27.0869 2508 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:39:27.0869 2508 DcomLaunch - ok
01:39:27.0900 2508 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:39:27.0900 2508 defragsvc - ok
01:39:27.0947 2508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:39:27.0947 2508 DfsC - ok
01:39:27.0994 2508 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:39:28.0010 2508 Dhcp - ok
01:39:28.0010 2508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:39:28.0010 2508 discache - ok
01:39:28.0041 2508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:39:28.0041 2508 Disk - ok
01:39:28.0088 2508 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:39:28.0088 2508 Dnscache - ok
01:39:28.0119 2508 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:39:28.0134 2508 dot3svc - ok
01:39:28.0166 2508 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:39:28.0166 2508 DPS - ok
01:39:28.0197 2508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:39:28.0197 2508 drmkaud - ok
01:39:28.0244 2508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:39:28.0244 2508 DXGKrnl - ok
01:39:28.0290 2508 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
01:39:28.0290 2508 e1kexpress - ok
01:39:28.0306 2508 EagleX64 - ok
01:39:28.0337 2508 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:39:28.0337 2508 EapHost - ok
01:39:28.0462 2508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:39:28.0509 2508 ebdrv - ok
01:39:28.0556 2508 ECSIoDriver_1_1_0_0 - ok
01:39:28.0602 2508 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:39:28.0602 2508 EFS - ok
01:39:28.0665 2508 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:39:28.0680 2508 ehRecvr - ok
01:39:28.0712 2508 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:39:28.0712 2508 ehSched - ok
01:39:28.0743 2508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:39:28.0758 2508 elxstor - ok
01:39:28.0790 2508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:39:28.0790 2508 ErrDev - ok
01:39:28.0836 2508 EuMusDesignVirtualAudioCableWdm (b2eebedb883b9697ae60f7a8a943da28) C:\Windows\system32\DRIVERS\vrtaucbl.sys
01:39:28.0836 2508 EuMusDesignVirtualAudioCableWdm - ok
01:39:28.0852 2508 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:39:28.0868 2508 EventSystem - ok
01:39:28.0883 2508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:39:28.0883 2508 exfat - ok
01:39:28.0899 2508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:39:28.0899 2508 fastfat - ok
01:39:29.0164 2508 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:39:39.0616 2508 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:39:39.0616 2508 VaultSvc - ok
01:39:39.0616 2508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:39:39.0616 2508 vdrvroot - ok
01:39:39.0647 2508 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:39:39.0663 2508 vds - ok
01:39:39.0678 2508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:39:39.0678 2508 vga - ok
01:39:39.0694 2508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:39:39.0694 2508 VgaSave - ok
01:39:39.0694 2508 VGPU - ok
01:39:39.0710 2508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:39:39.0710 2508 vhdmp - ok
01:39:39.0725 2508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:39:39.0725 2508 viaide - ok
01:39:39.0772 2508 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:39:39.0772 2508 vmbus - ok
01:39:39.0788 2508 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:39:39.0803 2508 VMBusHID - ok
01:39:39.0834 2508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:39:39.0834 2508 volmgr - ok
01:39:39.0881 2508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:39:39.0881 2508 volmgrx - ok
01:39:39.0912 2508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:39:39.0912 2508 volsnap - ok
01:39:39.0944 2508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:39:39.0944 2508 vsmraid - ok
01:39:40.0022 2508 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:39:40.0068 2508 VSS - ok
01:39:40.0115 2508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:39:40.0115 2508 vwifibus - ok
01:39:40.0146 2508 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:39:40.0146 2508 W32Time - ok
01:39:40.0162 2508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:39:40.0162 2508 WacomPen - ok
01:39:40.0209 2508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:39:40.0209 2508 WANARP - ok
01:39:40.0209 2508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:39:40.0209 2508 Wanarpv6 - ok
01:39:40.0271 2508 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:39:40.0318 2508 wbengine - ok
01:39:40.0365 2508 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:39:40.0365 2508 WbioSrvc - ok
01:39:40.0412 2508 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:39:40.0412 2508 wcncsvc - ok
01:39:40.0427 2508 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:39:40.0427 2508 WcsPlugInService - ok
01:39:40.0443 2508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:39:40.0443 2508 Wd - ok
01:39:40.0490 2508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:39:40.0505 2508 Wdf01000 - ok
01:39:40.0552 2508 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:39:40.0552 2508 WdiServiceHost - ok
01:39:40.0568 2508 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:39:40.0568 2508 WdiSystemHost - ok
01:39:40.0583 2508 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:39:40.0583 2508 WebClient - ok
01:39:40.0599 2508 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:39:40.0599 2508 Wecsvc - ok
01:39:40.0630 2508 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:39:40.0630 2508 wercplsupport - ok
01:39:40.0646 2508 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:39:40.0646 2508 WerSvc - ok
01:39:40.0661 2508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:39:40.0661 2508 WfpLwf - ok
01:39:40.0677 2508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:39:40.0677 2508 WIMMount - ok
01:39:40.0724 2508 WinDefend - ok
01:39:40.0739 2508 WinHttpAutoProxySvc - ok
01:39:40.0802 2508 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:39:40.0802 2508 Winmgmt - ok
01:39:40.0880 2508 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:39:40.0926 2508 WinRM - ok
01:39:40.0973 2508 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:39:40.0973 2508 WinUsb - ok
01:39:41.0020 2508 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:39:41.0051 2508 Wlansvc - ok
01:39:41.0207 2508 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:39:41.0223 2508 wlidsvc - ok
01:39:41.0270 2508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:39:41.0285 2508 WmiAcpi - ok
01:39:41.0285 2508 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:39:41.0285 2508 wmiApSrv - ok
01:39:41.0316 2508 WMPNetworkSvc - ok
01:39:41.0316 2508 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:39:41.0316 2508 WPCSvc - ok
01:39:41.0332 2508 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:39:41.0332 2508 WPDBusEnum - ok
01:39:41.0348 2508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:39:41.0348 2508 ws2ifsl - ok
01:39:41.0379 2508 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
01:39:41.0379 2508 wscsvc - ok
01:39:41.0379 2508 WSearch - ok
01:39:41.0472 2508 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
01:39:41.0535 2508 wuauserv - ok
01:39:41.0582 2508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:39:41.0582 2508 WudfPf - ok
01:39:41.0597 2508 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:39:41.0613 2508 WUDFRd - ok
01:39:41.0644 2508 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:39:41.0644 2508 wudfsvc - ok
01:39:41.0660 2508 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:39:41.0660 2508 WwanSvc - ok
01:39:41.0660 2508 XPADFL02 - ok
01:39:41.0706 2508 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
01:39:41.0706 2508 xusb21 - ok
01:39:41.0722 2508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:39:42.0050 2508 \Device\Harddisk0\DR0 - ok
01:39:42.0065 2508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
01:39:42.0159 2508 \Device\Harddisk1\DR1 - ok
01:39:42.0174 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
01:39:44.0483 2508 \Device\Harddisk2\DR2 - ok
01:39:44.0483 2508 Boot (0x1200) (c94118dc26093058c11def5acb2f87c3) \Device\Harddisk0\DR0\Partition0
01:39:44.0483 2508 \Device\Harddisk0\DR0\Partition0 - ok
01:39:44.0499 2508 Boot (0x1200) (2e4845c2eb49146181fc37109771b9f5) \Device\Harddisk0\DR0\Partition1
01:39:44.0499 2508 \Device\Harddisk0\DR0\Partition1 - ok
01:39:44.0499 2508 Boot (0x1200) (58e556c32a0e22a5d54cd7a8315be8d1) \Device\Harddisk1\DR1\Partition0
01:39:44.0499 2508 \Device\Harddisk1\DR1\Partition0 - ok
01:39:44.0499 2508 Boot (0x1200) (e5c05ee2fac89ef9664ffb95822a0200) \Device\Harddisk1\DR1\Partition1
01:39:44.0499 2508 \Device\Harddisk1\DR1\Partition1 - ok
01:39:44.0514 2508 Boot (0x1200) (3fab39a912b0010cf25ce3783b484097) \Device\Harddisk2\DR2\Partition0
01:39:44.0514 2508 \Device\Harddisk2\DR2\Partition0 - ok
01:39:44.0514 2508 ============================================================
01:39:44.0514 2508 Scan finished
01:39:44.0514 2508 ============================================================
01:39:44.0514 1484 Detected object count: 0
01:39:44.0514 1484 Actual detected object count: 0

------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-25 01:41:01
-----------------------------
01:41:01.313 OS Version: Windows x64 6.1.7601 Service Pack 1
01:41:01.313 Number of processors: 4 586 0x1E05
01:41:01.313 ComputerName: EXCALIBUR UserName: Ravage
01:41:02.983 Initialize success
01:43:21.580 AVAST engine defs: 12052402
01:43:28.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7
01:43:28.668 Disk 0 Vendor: WDC_WD10EARS-00Z5B1 80.00A80 Size: 953869MB BusType: 3
01:43:28.670 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
01:43:28.671 Disk 1 Vendor: ST3500410AS CC34 Size: 476940MB BusType: 3
01:43:28.694 Disk 0 MBR read successfully
01:43:28.696 Disk 0 MBR scan
01:43:28.699 Disk 0 Windows 7 default MBR code
01:43:28.705 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:43:28.726 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
01:43:28.741 Disk 0 scanning C:\Windows\system32\drivers
01:43:36.618 Service scanning
01:43:52.060 Modules scanning
01:43:52.065 Disk 0 trace - called modules:
01:43:52.082 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006ce22c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:43:52.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d4a060]
01:43:52.089 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007ad09b0]
01:43:52.092 5 ACPI.sys[fffff880011a07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-7[0xfffffa8007ad7060]
01:43:52.095 \Driver\atapi[0xfffffa8007abb7d0] -> IRP_MJ_CREATE -> 0xfffffa8006ce22c0
01:43:56.160 AVAST engine scan C:\Windows
01:43:59.602 AVAST engine scan C:\Windows\system32
01:45:17.833 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:45:19.777 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:46:05.259 AVAST engine scan C:\Windows\system32\drivers
01:46:15.213 AVAST engine scan C:\Users\Ravage
01:50:46.059 File: C:\Users\Ravage\AppData\Local\{0428e6d0-54ce-1235-1b90-0f571fd9b51b}\n **INFECTED** Win32:Sirefef-PL [Rtk]
01:50:46.252 File: C:\Users\Ravage\AppData\Local\{0428e6d0-54ce-1235-1b90-0f571fd9b51b}\U\80000000.@ **INFECTED** Win32:Malware-gen
02:00:11.326 AVAST engine scan C:\ProgramData
02:03:44.547 Scan finished successfully
02:13:24.293 Disk 0 MBR has been saved successfully to "C:\Users\Ravage\Desktop\MBR.dat"
02:13:24.296 The log file has been saved successfully to "C:\Users\Ravage\Desktop\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 25 May 2012 - 03:09 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#11 Lost4

  • Topic Starter


Posted 25 May 2012 - 03:32 AM

OTL logfile created on: 5/25/2012 3:22:04 AM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Ravage\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.05% Memory free
15.98 Gb Paging File | 13.43 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 20.82 Gb Free Space | 2.24% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 14.30 Gb Free Space | 3.07% Space Free | Partition Type: NTFS
Drive I: | 7.47 Gb Total Space | 7.40 Gb Free Space | 99.07% Space Free | Partition Type: NTFS

Computer Name: EXCALIBUR | User Name: Ravage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ravage\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ravage\Desktop\aswMBR.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
MOD - C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()
MOD - C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll ()
MOD - C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
MOD - C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
MOD - C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
MOD - C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PEVSystemStart) -- C:\32788R22FWJFW\pev.3XE ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys (Prevx)
DRV:64bit: - (pxscan) -- C:\Windows\SysNative\drivers\pxscan.sys (Prevx)
DRV:64bit: - (pxkbf) -- C:\Windows\SysNative\drivers\pxkbf.sys (Prevx)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z131&ocid=zdhp&install_date=20111211
IE - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 2D B1 26 D3 4C CC 01 [binary data]
IE - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111211&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ravage\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ravage\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/26 04:05:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 23:44:06 | 000,000,000 | ---D | M]

[2010/09/03 23:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravage\AppData\Roaming\Mozilla\Extensions
[2012/05/24 12:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravage\AppData\Roaming\Mozilla\Firefox\Profiles\prxctxqn.default\extensions
[2011/12/11 01:08:11 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Ravage\AppData\Roaming\Mozilla\Firefox\Profiles\prxctxqn.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/12/11 01:08:48 | 000,001,945 | ---- | M] () -- C:\Users\Ravage\AppData\Roaming\Mozilla\Firefox\Profiles\prxctxqn.default\searchplugins\bing-zugo.xml
[2012/01/09 00:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/24 12:23:21 | 000,524,264 | ---- | M] () (No name found) -- C:\USERS\RAVAGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PRXCTXQN.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/26 04:05:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 08:49:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/09 20:51:52 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ravage\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ravage\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ravage\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Ravage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ravage\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DealPly = C:\Users\Ravage\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Gmail = C:\Users\Ravage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/30 00:05:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O4:64bit: - HKLM..\Run: [PrevxCSI] C:\Program Files\Prevx\prevx.exe (Prevx)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0414B11A-5D5F-4220-BA56-00D4DE6CD497}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-337447031-1748316219-1097632974-1000\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/25 04:12:22 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/25 03:19:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ravage\Desktop\OTL.exe
[2012/05/25 01:31:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ravage\Desktop\aswMBR.exe
[2012/05/25 01:31:05 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ravage\Desktop\tdsskiller.exe
[2012/05/25 00:17:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/25 00:16:14 | 004,526,596 | R--- | C] (Swearware) -- C:\Users\Ravage\Desktop\ComboFix (1).exe
[2012/05/24 17:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/24 17:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/24 17:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/24 16:59:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Ravage\Desktop\spybotsd162.exe
[2012/05/24 03:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/24 03:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/24 02:02:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/20 03:03:58 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2012/05/20 03:03:56 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2012/05/19 05:30:23 | 000,000,000 | ---D | C] -- C:\Users\Ravage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/19 05:29:47 | 000,000,000 | ---D | C] -- C:\Users\Ravage\AppData\Local\Google
[2012/05/18 05:59:43 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/18 05:59:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/18 05:59:42 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/18 05:59:10 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/15 15:37:42 | 000,000,000 | ---D | C] -- C:\Users\Ravage\Documents\Diablo III
[2012/05/15 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/15 14:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/15 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/05/13 15:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/05/13 14:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warlock - Master of the Arcane
[2012/05/02 01:44:18 | 000,000,000 | ---D | C] -- C:\Users\Ravage\Documents\Syndicate
[2012/05/02 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\Ravage\AppData\Local\Risen2
[2012/04/30 18:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/26 04:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/26 04:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/25 03:19:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ravage\Desktop\OTL.exe
[2012/05/25 02:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/25 02:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-337447031-1748316219-1097632974-1000UA.job
[2012/05/25 02:13:24 | 000,000,512 | ---- | M] () -- C:\Users\Ravage\Desktop\MBR.dat
[2012/05/25 01:31:31 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ravage\Desktop\aswMBR.exe
[2012/05/25 01:31:06 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ravage\Desktop\tdsskiller.exe
[2012/05/25 01:27:43 | 000,014,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 01:27:43 | 000,014,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 01:20:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/25 01:20:15 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/25 01:05:07 | 000,793,346 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/25 01:05:07 | 000,669,488 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/25 01:05:07 | 000,125,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/25 00:16:17 | 004,526,596 | R--- | M] (Swearware) -- C:\Users\Ravage\Desktop\ComboFix (1).exe
[2012/05/25 00:14:03 | 000,852,401 | ---- | M] () -- C:\Users\Ravage\Desktop\SecurityCheck.exe
[2012/05/24 17:00:26 | 000,001,282 | ---- | M] () -- C:\Users\Ravage\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/24 17:00:26 | 000,001,258 | ---- | M] () -- C:\Users\Ravage\Desktop\Spybot - Search & Destroy.lnk
[2012/05/24 16:59:16 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Ravage\Desktop\spybotsd162.exe
[2012/05/24 13:40:42 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2012/05/24 13:40:42 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2012/05/24 13:40:42 | 000,036,384 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2012/05/24 13:40:41 | 000,024,024 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2012/05/24 05:34:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-337447031-1748316219-1097632974-1000Core.job
[2012/05/24 03:00:05 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/24 02:01:43 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/24 02:01:43 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/20 23:38:26 | 000,000,355 | ---- | M] () -- C:\Users\Ravage\Homegroup - Shortcut.lnk
[2012/05/20 03:03:58 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2012/05/20 03:03:56 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2012/05/18 10:49:19 | 000,275,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/15 15:11:26 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/13 14:57:05 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Warlock - Master of the Arcane.lnk
[2012/05/13 05:18:49 | 008,572,602 | ---- | M] () -- C:\Users\Ravage\Desktop\Olove - Mental State.mp3
[2012/05/13 05:18:23 | 007,454,562 | ---- | M] () -- C:\Users\Ravage\Desktop\Olove - Cloud Theory.mp3
[2012/05/12 04:45:43 | 000,058,437 | ---- | M] () -- C:\Users\Ravage\Desktop\169019_1670446634261_1030208168_31627420_8044361_n.jpg
[2012/05/11 21:36:45 | 008,722,725 | ---- | M] () -- C:\Users\Ravage\Desktop\Exit Call.mp3
[2012/05/06 19:41:38 | 000,001,770 | ---- | M] () -- C:\Users\Ravage\Desktop\RaccoonCity.lnk
[2012/05/05 11:14:04 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/03 22:54:14 | 000,000,151 | ---- | M] () -- C:\Windows\PhotoSnapViewer.INI
[2012/05/02 19:54:36 | 000,001,596 | ---- | M] () -- C:\Users\Ravage\Desktop\FarCry2.lnk
[2012/05/02 19:45:34 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/02 19:45:27 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/05/02 19:45:24 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/05/02 01:43:06 | 000,002,409 | ---- | M] () -- C:\Users\Public\Desktop\Syndicate.lnk
[2012/05/01 23:38:36 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\Risen 2 Dark Waters.lnk
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/25 02:13:24 | 000,000,512 | ---- | C] () -- C:\Users\Ravage\Desktop\MBR.dat
[2012/05/25 00:14:02 | 000,852,401 | ---- | C] () -- C:\Users\Ravage\Desktop\SecurityCheck.exe
[2012/05/24 18:54:03 | 000,302,592 | ---- | C] () -- C:\Users\Ravage\Desktop\gmer.exe
[2012/05/24 17:00:26 | 000,001,282 | ---- | C] () -- C:\Users\Ravage\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/24 17:00:26 | 000,001,258 | ---- | C] () -- C:\Users\Ravage\Desktop\Spybot - Search & Destroy.lnk
[2012/05/24 03:00:05 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/24 02:01:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 23:38:26 | 000,000,355 | ---- | C] () -- C:\Users\Ravage\Homegroup - Shortcut.lnk
[2012/05/19 05:29:54 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-337447031-1748316219-1097632974-1000UA.job
[2012/05/19 05:29:49 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-337447031-1748316219-1097632974-1000Core.job
[2012/05/15 14:56:42 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/13 14:57:05 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Warlock - Master of the Arcane.lnk
[2012/05/13 05:18:46 | 008,572,602 | ---- | C] () -- C:\Users\Ravage\Desktop\Olove - Mental State.mp3
[2012/05/13 05:18:18 | 007,454,562 | ---- | C] () -- C:\Users\Ravage\Desktop\Olove - Cloud Theory.mp3
[2012/05/12 04:45:41 | 000,058,437 | ---- | C] () -- C:\Users\Ravage\Desktop\169019_1670446634261_1030208168_31627420_8044361_n.jpg
[2012/05/11 21:36:30 | 008,722,725 | ---- | C] () -- C:\Users\Ravage\Desktop\Exit Call.mp3
[2012/05/06 19:41:38 | 000,001,770 | ---- | C] () -- C:\Users\Ravage\Desktop\RaccoonCity.lnk
[2012/05/03 22:54:14 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2012/05/02 19:54:36 | 000,001,596 | ---- | C] () -- C:\Users\Ravage\Desktop\FarCry2.lnk
[2012/05/02 01:43:06 | 000,002,409 | ---- | C] () -- C:\Users\Public\Desktop\Syndicate.lnk
[2012/05/01 23:38:36 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\Risen 2 Dark Waters.lnk
[2011/11/30 12:41:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\Classical
[2011/11/30 02:17:45 | 000,007,601 | ---- | C] () -- C:\Users\Ravage\AppData\Local\Resmon.ResmonCfg
[2011/11/29 23:52:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/29 23:52:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/29 23:52:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/29 23:52:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/29 23:52:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/21 14:19:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\83c26D7.dat
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/07 23:49:58 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/08/07 23:49:58 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/08/07 23:49:58 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/08/07 23:45:36 | 000,039,452 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/07/25 21:42:12 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/30 15:38:00 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011/05/10 09:30:56 | 000,005,120 | ---- | C] () -- C:\Users\Ravage\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 19:09:25 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/04/12 18:53:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Chords
[2011/04/12 18:53:55 | 000,000,268 | RH-- | C] () -- C:\Users\Ravage\AppData\Roaming\HomePageService
[2011/04/12 18:53:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011/04/12 18:53:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Morph
[2011/04/12 18:53:53 | 000,000,268 | RH-- | C] () -- C:\Users\Ravage\AppData\Roaming\Horn Section
[2011/04/12 18:52:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011/04/12 17:43:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/04/12 17:43:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/04/12 17:43:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/04/12 17:43:01 | 000,000,000 | ---- | C] () -- C:\Users\Ravage\AppData\Roaming\Configure Folder Actions
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/28 21:13:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/12/02 00:52:44 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2010/12/02 00:52:06 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/12/02 00:52:04 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/02 00:52:04 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/02 00:52:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/17 02:27:22 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/09/17 07:25:06 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/07 14:49:37 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/09/06 00:23:02 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/06 00:22:59 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/06 00:22:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/04 15:17:43 | 000,000,094 | ---- | C] () -- C:\Users\Ravage\AppData\Local\fusioncache.dat
[2010/09/03 23:28:16 | 000,787,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/03 23:20:17 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
[2010/09/03 23:20:17 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2010/09/03 23:20:17 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2010/09/03 23:20:17 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
[2010/09/03 23:20:17 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
[2010/09/03 23:20:17 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
[2010/09/03 23:20:17 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
[2010/09/03 23:18:49 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

< End of report >

-------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 5/25/2012 3:22:04 AM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Ravage\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.05% Memory free
15.98 Gb Paging File | 13.43 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 20.82 Gb Free Space | 2.24% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 14.30 Gb Free Space | 3.07% Space Free | Partition Type: NTFS
Drive I: | 7.47 Gb Total Space | 7.40 Gb Free Space | 99.07% Space Free | Partition Type: NTFS

Computer Name: EXCALIBUR | User Name: Ravage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-337447031-1748316219-1097632974-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PCSI" = Prevx
"PROSet" = Intel® Network Connections Drivers
"Virtual Audio Cable 4.6" = Virtual Audio Cable 4.6
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{14C36646-83C8-430E-92B3-16F998BDB4E0}" = Activision®
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2BB047B7-E613-4686-BE0C-E63BB26BE121}" = Sacred 2 - Elite
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision®
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43430FA1-12BB-4D88-862E-4F1000008400}" = Resident Evil: Operation Raccoon City
"{44A9CADE-5329-4501-ACF0-C72E1C7EBF79}" = Bof4
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{49668BEE-D721-449C-82D3-C7561945F706}" = Station Launcher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52E9A798-88C7-4EE6-94D4-2D54FEC8EE52}" = Ragnarok Online
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6C1804BC-094F-431A-BEA5-37A837958029}" = Rome - Total War - Alexander
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{DBE73977-170A-4742-AB28-CA41B06A63AA}_is1" = The Witcher Enhanced Edition
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
"7-Zip" = 7-Zip 9.20
"Alan Wake_is1" = Alan Wake
"ArcaniA" = ArcaniA - Gothic 4
"AviSynth" = AviSynth 2.5
"Bastion_is1" = Bastion
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly
"Diablo III" = Diablo III
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup.divx.com" = DivX Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"eBLU_is1" = eBLU
"F.E.A.R. 3_is1" = F.E.A.R. 3
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Hard Reset_is1" = Hard Reset
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"InstallShield_{14C36646-83C8-430E-92B3-16F998BDB4E0}" = Spider-Man™ - Shattered Dimensions
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity™
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic The Gathering - Duels of the Planeswalkers_is1" = Magic The Gathering - Duels of the Planeswalkers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PokerStars.net" = PokerStars.net
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"Rage_is1" = Rage
"Risen 2 Dark Waters_is1" = Risen 2 Dark Waters
"Runic Games Torchlight" = Torchlight
"Saints Row The Third_is1" = Saints Row The Third
"Speakonia_is1" = Speakonia
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 107300" = Breath of Death VII
"Steam App 107310" = Cthulhu Saves the World
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 12210" = Grand Theft Auto IV
"Steam App 17460" = Mass Effect
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 22100" = Mount & Blade
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 22380" = Fallout: New Vegas
"Steam App 24200" = DC Universe Online
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 24980" = Mass Effect 2
"Steam App 31280" = Poker Night at the Inventory
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 48700" = Mount & Blade: Warband
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"Steam App 50120" = MLB 2K10
"Steam App 50620" = Darksiders
"Steam App 58510" = Cities XL 2011
"Steam App 58540" = Divinity II - The Dragon Knight Saga
"Steam App 63200" = Monday Night Combat
"Steam App 7670" = BioShock
"Steam App 7780" = MLB® Front Office Manager
"Steam App 8840" = Major League Baseball 2K9
"Steam App 8850" = BioShock 2
"Steam App 8980" = Borderlands
"Steam App 99900" = Spiral Knights
"Syndicate_is1" = Syndicate
"SystemRequirementsLab" = System Requirements Lab
"The Darkness II_is1" = The Darkness II
"The Void_is1" = The Void
"To the Moon1.0" = To the Moon
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Two Worlds II" = Two Worlds II
"uTorrent" = µTorrent
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 2.0.1
"Warlock - Master of the Arcane © Paradox Interactive_is1" = Warlock - Master of the Arcane © Paradox Interactive version 1
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-337447031-1748316219-1097632974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Tropico 4" = Tropico 4 1.00
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2012 12:48:37 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 12:48:37 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 12:51:21 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 12:51:21 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 12:51:28 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 12:51:28 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 12:51:29 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 12:51:29 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 6:13:55 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/18/2012 6:13:55 PM | Computer Name = Excalibur | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 5/25/2012 2:20:45 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 5/25/2012 2:20:45 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 5/25/2012 2:21:02 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 5/25/2012 2:21:02 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 5/25/2012 2:22:45 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 5/25/2012 2:22:45 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 5/25/2012 2:41:25 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 5/25/2012 2:41:25 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 5/25/2012 2:41:26 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 5/25/2012 2:41:26 AM | Computer Name = Excalibur | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >





I'd like to point out that after running aswMBR I have not seen my anti-virus freaking out about a virus infection.

EDIT: I was wrong, upon a restart I am still getting malware infection notifications from Prevx.

Edited by Lost4, 25 May 2012 - 05:11 AM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:44 AM

Posted 25 May 2012 - 12:54 PM

Step 1. Download combofix
Link 1

Step 2. Place combofix in Malwarebytes Chameleon folder.
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command then press Enter.

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4. Execute combofix by double-clicking on it
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Lost4

Lost4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 25 May 2012 - 01:35 PM

After downloading Combofix into the Chameleon folder, I typed in the command you gave me; a black box appeared, and a few lines of text later mbam did a quick scan. I let that finish, then ran combofix. At first combofix said it was an improper version and wouldn't run on Windows 2000, which is strange because I don't have Windows 2000. Then I re-downloaded it from the link you gave me and it ran, and hung up again at the same spot. I've noticed when it gets to the outgoing C:\ folder part the installer jumps to finished and it just closes the exe.

Starting to think whatever I have doesn't want me to run combofix.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:44 AM

Posted 25 May 2012 - 02:31 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    O4 - HKLM..\Run: [TaskTray] File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    C:\Users\Ravage\AppData\Local\{0428e6d0-54ce-1235-1b90-0f571fd9b51b}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#15 Lost4

Lost4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 25 May 2012 - 02:44 PM

Hey Gringo, after following your instructions with the custom script, I did a manual restart and managed to forget to save my log after. The good news is, after the restart I haven't had a malware notification yet! I think this worked! Thank you very much for your time and help Gringo! I'll post back here in the next few days if I run into any more problems. Much appreciated!



