
both BSODs (blue + black)


  • This topic is locked
24 replies to this topic

#1 Guest_dxpoo_*

  • Guests

Posted 07 July 2012 - 08:54 AM

For more information on what happened, check this please.

http://www.bleepingcomputer.com/forums/topic458881.html

Also, I am unable to download the DDS installer thing, so I am unable to post a DDS log. I tried to boot into safe mode with networking, but that's when I received the blue screen of death.

thank you!
dxpoo.

Help would be nice :D



#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • Gender:Male

Posted 12 July 2012 - 08:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459637 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Guest_dxpoo_*

  • Guests

Posted 12 July 2012 - 11:37 AM

Alright, here is the GMER log, still can't download the DDS thing.

Attached Files

  • Attached File  ark.txt   47.43KB   2 downloads


#4 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 12 July 2012 - 01:54 PM

Hello,

Can you please try and run these scanners. Do you have a USB Flash drive you can use?


1.
    1. Please download OTL from one of the following mirrors:
      • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in:
    c:\windows\*. /SL
    c:\windows\*. /RP 
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /90
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 Guest_dxpoo_*

  • Guests

Posted 13 July 2012 - 11:37 AM

OTL log (by the way, I can't save things to my desktop, so I open them from the downloaded files in Chrome)


OTL logfile created on: 13/07/2012 17:23:05 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Arjann\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.45% Memory free
9.74 Gb Paging File | 8.41 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): c:\pagefile.sys 7000 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 13.23 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive D: | 137.50 Gb Total Space | 135.80 Gb Free Space | 98.76% Space Free | Partition Type: NTFS

Computer Name: ARJANN-LAPTOP | User Name: Arjann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 17:22:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Arjann\Downloads\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2009/03/26 02:46:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008/07/30 02:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/19 23:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/06/02 18:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/01 04:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/01 04:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007/12/11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2006/05/24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 05:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 05:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 05:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 05:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 05:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 05:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 05:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/10 03:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/10 18:39:30 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/05/07 00:35:45 | 003,928,280 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/11/28 14:22:45 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2009/03/26 02:46:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/07/30 02:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/07/19 23:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/06/02 18:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/01 04:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/01 04:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/05/24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012/04/28 13:16:56 | 000,019,792 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/04/28 13:16:54 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/05 18:07:28 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2010/07/09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/03/08 10:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/08/05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009/06/12 00:34:34 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/06/20 05:41:38 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/05/26 13:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008/05/07 11:47:36 | 000,085,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/02/29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/01/26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/09/27 04:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 07:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/05/30 08:53:18 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_8930
IE - HKLM\..\SearchScopes,DefaultScope = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b62d078e1-bc24-4a70-b3bb-c8805a9c68bc%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZUman000&ptb=1f4dSJFLw5FhFTOBMiXQsw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {93DE378F-62AE-4983-A035-EB7F84ED2FDD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b62d078e1-bc24-4a70-b3bb-c8805a9c68bc%7d&q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{93DE378F-62AE-4983-A035-EB7F84ED2FDD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_en___GB342
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
IE - HKCU\..\SearchScopes\{B269F50D-3165-4300-BD5F-B1C11C6507DF}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{D5E2327E-2A0A-4E32-A761-15962AD25E93}: "URL" = http://search.avg.com/route/?d=4cc07890&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Arjann\AppData\Local\Roblox\Versions\version-5fb0645efa584e24\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arjann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arjann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Arjann\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=382950&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Arjann\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Arjann\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Arjann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Arjann\AppData\Local\Roblox\Versions\version-5fb0645efa584e24\\NPRobloxProxy.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: YouTube = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Troll Emoticons = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.7_0\
CHR - Extension: Hatsune Miku = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigfdicgjnpjkhbnngdfgjfffmdaonfg\2_0\
CHR - Extension: Skype Click to Call = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: ButtonBeats Piano Player = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi\2.0_0\
CHR - Extension: Gmail = C:\Users\Arjann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/06/01 18:59:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Arjann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Arjann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Arjann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAA85B7-4C67-4C95-8036-02723AB7A771}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7D875F0-2A76-4C9B-AC8A-6020B6E459CD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arjann\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Arjann\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.mjpg - C:\Windows\System32\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 20:37:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/29 17:01:35 | 000,000,000 | ---D | C] -- C:\Users\Arjann\Documents\私立さくらんぼ小学校
[2012/06/23 17:25:40 | 000,000,000 | ---D | C] -- C:\Users\Arjann\AppData\Local\Aeria Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/13 16:47:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-712691422-3369108793-3596480014-1000UA.job
[2012/07/13 16:47:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-712691422-3369108793-3596480014-1000Core.job
[2012/07/13 16:46:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/07/13 16:46:02 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 16:46:01 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 16:45:50 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/07/13 16:45:42 | 000,360,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/13 16:45:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 22:18:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/12 21:49:16 | 000,002,051 | ---- | M] () -- C:\Users\Arjann\Desktop\Google Chrome.lnk
[2012/07/06 17:10:23 | 186,322,960 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/30 22:28:21 | 000,008,592 | ---- | M] () -- C:\Users\Arjann\AppData\Local\d3d9caps.dat
[2012/06/21 20:37:31 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2012/06/14 17:09:42 | 000,634,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 17:09:42 | 000,119,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/06 17:10:23 | 186,322,960 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/19 01:28:00 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012/02/16 23:50:27 | 000,000,868 | ---- | C] () -- C:\Users\Arjann\AppData\Roaming\YtFlvConverter-OneStop-Video-ConverterFlvConverterDefaultSettings.xml
[2011/11/30 14:14:49 | 000,026,340 | ---- | C] () -- C:\Users\Arjann\AppData\Roaming\UserTile.png
[2011/11/24 19:13:03 | 000,032,460 | ---- | C] () -- C:\Users\Arjann\AppData\Roaming\Arjannlog.dat
[2011/07/29 16:01:15 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/19 18:17:01 | 000,000,552 | ---- | C] () -- C:\Users\Arjann\AppData\Local\d3d8caps.dat
[2011/06/18 00:31:30 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/06/18 00:31:30 | 000,138,056 | ---- | C] () -- C:\Users\Arjann\AppData\Roaming\PnkBstrK.sys
[2011/06/18 00:31:15 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/06/18 00:31:15 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/06/01 15:46:49 | 000,000,152 | ---- | C] () -- C:\ProgramData\~34529016r
[2011/06/01 15:46:48 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34529016
[2011/06/01 15:46:45 | 000,000,344 | ---- | C] () -- C:\ProgramData\34529016
[2011/05/31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/05/31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/05/21 16:18:53 | 000,000,144 | ---- | C] () -- C:\ProgramData\~29351672r
[2011/05/21 16:18:53 | 000,000,120 | ---- | C] () -- C:\ProgramData\~29351672
[2011/05/21 16:18:33 | 000,000,336 | ---- | C] () -- C:\ProgramData\29351672
[2011/05/21 12:49:26 | 000,000,144 | ---- | C] () -- C:\ProgramData\~43835128r
[2011/05/21 12:49:26 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43835128
[2011/05/21 12:49:21 | 000,000,336 | ---- | C] () -- C:\ProgramData\43835128
[2011/04/22 16:53:25 | 000,010,244 | -HS- | C] () -- C:\Users\Arjann\AppData\Local\b52ikwg88250rk2578
[2011/04/22 16:53:25 | 000,010,244 | -HS- | C] () -- C:\ProgramData\b52ikwg88250rk2578
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/02/18 20:48:18 | 000,001,832 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2010/10/07 17:32:53 | 000,000,000 | ---- | C] () -- C:\Users\Arjann\AppData\Local\prvlcl.dat
[2010/09/17 20:30:17 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/14 16:00:15 | 000,008,592 | ---- | C] () -- C:\Users\Arjann\AppData\Local\d3d9caps.dat
[2010/03/04 19:43:57 | 000,000,069 | ---- | C] () -- C:\Users\Arjann\jagex_runescape_preferences2.dat
[2010/03/04 19:43:00 | 000,000,041 | ---- | C] () -- C:\Users\Arjann\jagex_runescape_preferences.dat
[2009/08/27 21:37:07 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/27 21:37:07 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/22 22:02:33 | 000,050,688 | ---- | C] () -- C:\Users\Arjann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/06/10 19:51:36 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\.minecraft
[2009/08/25 13:10:15 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Acer
[2009/01/09 06:04:38 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Acer GameZone Console
[2011/11/28 16:35:08 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Aeria Games & Entertainment
[2010/06/29 16:43:40 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\AnvSoft
[2010/11/17 16:16:47 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Auslogics
[2010/10/21 18:35:04 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\AVG10
[2011/06/23 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\BANDISOFT
[2009/12/29 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Blender Foundation
[2009/11/02 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Blitware
[2012/01/04 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DAEMON Tools Lite
[2011/06/30 16:11:12 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DAEMON Tools Pro
[2011/11/12 20:24:06 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DVDVideoSoft
[2011/09/29 16:20:43 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/08/22 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\eSobi
[2011/05/21 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\FreeAudioPack
[2011/05/21 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\GetRightToGo
[2011/01/22 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\HandBrake
[2011/12/31 18:01:23 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\IObit
[2011/12/12 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Need for Speed World
[2010/10/27 15:51:56 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\OpenOffice.org
[2011/11/30 14:14:48 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\PeerNetworking
[2010/07/28 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Publish Providers
[2011/10/27 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\QuantumConflict
[2011/05/21 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\QuickScan
[2010/11/16 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Radialpoint
[2010/12/09 21:59:02 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\RSG
[2010/08/20 21:08:53 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Sawer
[2012/06/08 00:10:07 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\ShiningStar
[2011/09/15 16:17:25 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Sony
[2011/05/21 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\SystemRequirementsLab
[2011/02/18 21:00:26 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Systweak
[2009/08/23 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\The Creative Assembly
[2010/07/30 22:37:34 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Ulead Systems
[2010/07/11 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Unity
[2012/07/12 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\uTorrent
[2009/08/22 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Validity
[2010/11/16 17:45:52 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Virgin Media
[2012/07/12 22:18:50 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/06/10 19:51:36 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\.minecraft
[2009/08/25 13:10:15 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Acer
[2009/01/09 06:04:38 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Acer GameZone Console
[2012/06/14 17:04:00 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Adobe
[2011/11/28 16:35:08 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Aeria Games & Entertainment
[2010/06/29 16:43:40 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\AnvSoft
[2011/01/28 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Apple Computer
[2010/11/17 16:16:47 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Auslogics
[2010/10/21 18:35:04 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\AVG10
[2011/06/23 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\BANDISOFT
[2009/12/29 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Blender Foundation
[2009/11/02 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Blitware
[2010/01/08 22:57:07 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\CyberLink
[2012/01/04 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DAEMON Tools Lite
[2011/06/30 16:11:12 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DAEMON Tools Pro
[2010/10/30 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DivX
[2011/11/12 20:24:06 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DVDVideoSoft
[2011/09/29 16:20:43 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/08/22 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\eSobi
[2011/05/21 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\FreeAudioPack
[2011/05/21 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\GetRightToGo
[2009/08/22 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Google
[2011/01/22 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\HandBrake
[2009/08/22 19:29:52 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Identities
[2010/08/27 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\InstallShield Installation Information
[2009/12/16 18:44:00 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Intel
[2011/12/31 18:01:23 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\IObit
[2009/10/19 15:40:44 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Macromedia
[2010/08/08 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Media Center Programs
[2011/06/02 14:32:06 | 000,000,000 | --SD | M] -- C:\Users\Arjann\AppData\Roaming\Microsoft
[2011/06/10 16:06:27 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Mozilla
[2011/12/12 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Need for Speed World
[2010/10/27 15:51:56 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\OpenOffice.org
[2011/11/30 14:14:48 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\PeerNetworking
[2010/07/28 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Publish Providers
[2011/10/27 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\QuantumConflict
[2011/05/21 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\QuickScan
[2010/11/16 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Radialpoint
[2011/05/12 16:34:47 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Real
[2011/07/27 23:00:22 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Realm of the Titans
[2010/12/09 21:59:02 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\RSG
[2010/08/20 21:08:53 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Sawer
[2012/06/08 00:10:07 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\ShiningStar
[2012/06/13 20:51:10 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Skype
[2011/08/05 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\skypePM
[2011/09/15 16:17:25 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Sony
[2011/05/21 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/21 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\SystemRequirementsLab
[2011/02/18 21:00:26 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Systweak
[2009/08/23 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\The Creative Assembly
[2010/07/30 22:37:34 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Ulead Systems
[2010/07/11 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Unity
[2012/07/12 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\uTorrent
[2009/08/22 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Validity
[2011/08/04 16:21:47 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Ventrilo
[2010/11/16 17:45:52 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\Virgin Media
[2012/07/09 18:37:31 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\vlc
[2009/08/27 21:54:31 | 000,000,000 | ---D | M] -- C:\Users\Arjann\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2011/10/27 14:01:29 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Arjann\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/01/12 17:41:42 | 000,029,926 | R--- | M] () -- C:\Users\Arjann\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
[2010/01/12 17:41:42 | 000,029,422 | R--- | M] () -- C:\Users\Arjann\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
[2009/12/30 17:33:22 | 000,010,134 | R--- | M] () -- C:\Users\Arjann\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011/10/27 18:01:38 | 008,627,200 | ---- | M] () -- C:\Users\Arjann\AppData\Roaming\QuantumConflict\Local Store\content\game\game.exe
[2011/01/14 16:37:34 | 000,216,064 | ---- | M] (Radialpoint Inc.) -- C:\Users\Arjann\AppData\Roaming\Virgin Media\Service Manager\downloads\VirginDetectionScriptsBundle-IE-R48-T10.41.zip.dir\CampaignEmulator\CampaignEmulator.exe
[2010/07/15 14:45:06 | 000,187,128 | ---- | M] (Radialpoint Inc.) -- C:\Users\Arjann\AppData\Roaming\Virgin Media\Service Manager\downloads\VirginDetectionScriptsBundle-IE-R48-T10.41.zip.dir\tools\NetworkFinder.signed.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/04 16:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/05/01 15:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:05113FB9
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3078E216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:F3176E45
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:E36F5B57

< End of report >



extras...

OTL Extras logfile created on: 13/07/2012 17:23:05 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Arjann\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.45% Memory free
9.74 Gb Paging File | 8.41 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): c:\pagefile.sys 7000 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 13.23 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive D: | 137.50 Gb Total Space | 135.80 Gb Free Space | 98.76% Space Free | Partition Type: NTFS

Computer Name: ARJANN-LAPTOP | User Name: Arjann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-712691422-3369108793-3596480014-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8D77CFE7-C14D-4169-8987-AF9533F62AAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6FAD6DC-2F38-42B9-8217-17B7E18B9663}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{A7905AFE-ED7A-45DB-8133-FADE51CDE675}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F03E899D-C626-4B33-902C-487D108C5ED6}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{F8790B5A-C3BD-4DF7-A5A1-AD728A992ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13BCC6EE-A059-4B74-9EEE-00C4B58AC84C}" = protocol=17 | dir=in | app=c:\program files\koei\shin sangokumusou online\ssmoenv.exe |
"{231B1D59-1BBC-4A01-994E-6D26EB829A53}" = protocol=6 | dir=in | app=f:\dwizard615.exe |
"{2922327A-954A-48C2-AA30-58BACB03EC22}" = protocol=6 | dir=in | app=c:\program files\koei\shin sangokumusou online\ssmo.exe |
"{35A642C6-6AD4-4515-994C-4BF217C9894C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{38F04AF2-8F88-452D-8271-8B84F80C4932}" = protocol=17 | dir=in | app=f:\libneap.dll |
"{4D32C954-05C7-4CA3-919B-5E9211B8BEFA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{57B8C0EB-063A-4FE8-A812-27EDA1E6A358}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
"{58120A6F-A866-4853-80FD-5D009C7A5B20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A5B678B-A6A4-42E5-BAE6-159408ABD561}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6E4E20E5-6C03-4555-9B68-1FD3489A64C9}" = protocol=17 | dir=in | app=c:\program files\koei\shin sangokumusou online\ssmo.exe |
"{73867D88-DF5F-4C3C-9C6C-0582A06C58AD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{82C7CC67-18BF-4F86-BAF1-30C43148A8C7}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{8AF2FD01-9902-42CF-91BE-0931201DABD8}" = protocol=6 | dir=in | app=c:\program files\koei\shin sangokumusou online\ssmoenv.exe |
"{8F99473A-8824-457A-B1BA-4CFA843E9B5B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{918E3753-38AA-4572-9742-DBA666E634A8}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
"{9708A0A9-406C-4AAB-B547-99EF2D903A0F}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
"{987BEA9E-0709-42F5-99CC-AE1C1F1C34B3}" = protocol=6 | dir=in | app=c:\users\arjann\appdata\local\akamai\netsession_win.exe |
"{98CFFB4B-97A0-45EF-BB59-72B671DA33DB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{98F811B6-B4B2-4C93-A221-9881274419CC}" = protocol=17 | dir=in | app=c:\program files\koei\shin sangokumusou online\filechk.exe |
"{9E5D9703-4547-4096-B256-DDEA07F2EE87}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{9ED4FE4B-B9AA-473B-B299-4A44A921D2F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8673314-C5EE-4336-9101-9F35B8DB6E88}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{AD727863-726C-4CDB-8A59-2AE2AED58D0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF6880FB-D9D8-4327-AD0E-271FA7957030}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B13318B0-9528-4D6D-9DC0-063E15770F40}" = protocol=17 | dir=in | app=c:\users\arjann\appdata\local\akamai\netsession_win.exe |
"{B1E5908B-088D-4D10-AC79-6CEC3DA7FBAC}" = protocol=6 | dir=in | app=c:\program files\koei\shin sangokumusou online\filechk.exe |
"{C2C866F2-8AB5-4AC2-9103-729D33431547}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C576987B-BDEF-4D64-B57E-3644E3928005}" = protocol=6 | dir=in | app=f:\libneap.dll |
"{C67F4D6B-1C90-4F78-828E-43612E41400B}" = protocol=17 | dir=in | app=f:\dwizard615.exe |
"{CA17D305-5962-4912-972A-D2AA6EC62615}" = protocol=17 | dir=in | app=c:\users\arjann\appdata\local\google\chrome\application\chrome.exe |
"{DB8D0FD0-0A9B-45F4-874D-0999EB38B29D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E2BE57FB-1AE6-4BF9-BA8B-C8FEDC8A27E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{E4D92F01-FFAE-4CCE-95DC-84434A8A5F8D}" = protocol=6 | dir=in | app=c:\users\arjann\appdata\local\google\chrome\application\chrome.exe |
"{E7626191-38C3-4181-A453-43DB49A3F220}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{FC0123F1-7F48-4EC3-AC45-AF9219434B36}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
"{FDB2FD7B-0868-4937-BC90-E38FC3AC69C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE0B366B-CCE0-4D50-85B9-C0487C61C71F}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"TCP Query User{4F661F52-7E11-419A-AFAE-B3DB0D39B0F6}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{5ABE04EF-3CF7-4147-8DE7-F2F14C1585AF}C:\users\arjann\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\arjann\appdata\local\akamai\netsession_win.exe |
"TCP Query User{764459BC-9CF6-46E3-B1A4-609CE35FBD32}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{7D707947-84C4-4469-B77E-0BE7CFE98E11}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{968CD81A-61A4-4FC8-8337-BCE192107945}C:\users\arjann\appdata\roaming\quantumconflict\local store\content\game\game.exe" = protocol=6 | dir=in | app=c:\users\arjann\appdata\roaming\quantumconflict\local store\content\game\game.exe |
"TCP Query User{97E857E5-AF9C-4249-B3F0-3F58613A2F72}C:\users\arjann\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\arjann\program files\dna\btdna.exe |
"TCP Query User{99B68351-141B-4DA3-911C-2B4753A29C23}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{BAB42AE5-0796-4A68-906F-AA0846B87230}C:\users\arjann\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\arjann\program files\dna\btdna.exe |
"TCP Query User{FEC4F7B9-F506-4A78-AF49-D8642D573ACA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{FFDA4822-101F-4706-9FA1-F24CE0D00DD8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0D0A8F1F-270E-478E-B0D8-257AEF25AF15}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{162BE865-6DE4-48EE-8DC8-9242C7C44F88}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{38180D05-1129-4DCE-9AA4-C61A17CFD63B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4AAF004B-F8CC-4A55-869D-31D42CAF20AC}C:\users\arjann\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\arjann\program files\dna\btdna.exe |
"UDP Query User{83E73E3B-5929-4794-B952-0E762C58FD5C}C:\users\arjann\appdata\roaming\quantumconflict\local store\content\game\game.exe" = protocol=17 | dir=in | app=c:\users\arjann\appdata\roaming\quantumconflict\local store\content\game\game.exe |
"UDP Query User{A31FC8D0-ADB6-40F8-A2A3-1815A3957ABF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{AC2E1B81-0FB8-48E1-87B2-9675AC9E0EF9}C:\users\arjann\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\arjann\program files\dna\btdna.exe |
"UDP Query User{C06DBDC5-CDD1-4EE4-8714-D1E06FA35094}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CE47AD8A-E6BF-4A31-A01A-633B16278E90}C:\users\arjann\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\arjann\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F0E36315-E2C5-4A02-8C80-D97E7610ADAD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01670638-5575-4B29-9072-052889773822}" = 真・三國無双 Online
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46BD1B2D-F535-4A5B-7932-4BE7F790B95F}" = Quantum Conflict
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.3
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Blender" = Blender
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dynasty Warriors Online" = Dynasty Warriors Online
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.95
"Fraps" = Fraps (remove only)
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.10.722
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Game Booster_is1" = Game Booster
"GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"IObit Malware Fighter_is1" = IObit Malware Fighter
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"QuantumConflict" = Quantum Conflict
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"SnagIt5" = SnagIt 5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Arjann
"{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}" = Dynasty Warriors 4 Hyper
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"NCsoft-Aion" = Aion (North America)
"NCsoft-AionEU" = Aion
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/07/2012 11:39:40 | Computer Name = Arjann-Laptop | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
faulting module gmer.exe, version 1.0.15.15641, time stamp 0x4e21f2b1, exception
code 0xc0000005, fault offset 0x0000c676, process id 0x16b8, application start time
0x01cd60440dcc4702.

Error - 12/07/2012 11:43:18 | Computer Name = Arjann-Laptop | Source = Perflib | ID = 1010
Description =

Error - 12/07/2012 13:33:32 | Computer Name = Arjann-Laptop | Source = IMFservice | ID = 0
Description =

Error - 12/07/2012 14:10:41 | Computer Name = Arjann-Laptop | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1033
Description =

Error - 12/07/2012 14:10:46 | Computer Name = Arjann-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 12/07/2012 15:39:11 | Computer Name = Arjann-Laptop | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000022, fault offset 0x00009f5d, process id 0x8ec, application
start time 0x01cd60660165cafe.

Error - 12/07/2012 15:42:47 | Computer Name = Arjann-Laptop | Source = Application Hang | ID = 1002
Description = The program uTorrent (1).exe version 3.1.3.27327 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 844 Start Time: 01cd60645a9dad1e Termination Time: 0

Error - 13/07/2012 11:46:19 | Computer Name = Arjann-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 13/07/2012 11:46:29 | Computer Name = Arjann-Laptop | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1033
Description =

Error - 13/07/2012 11:47:27 | Computer Name = Arjann-Laptop | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000022, fault offset 0x00009f5d, process id 0x970, application
start time 0x01cd610eca881b9c.

[ System Events ]
Error - 12/07/2012 14:10:46 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7023
Description =

Error - 12/07/2012 14:10:46 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 12/07/2012 14:10:46 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 12/07/2012 14:49:55 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 12/07/2012 14:49:55 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7023
Description =

Error - 13/07/2012 11:46:20 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7023
Description =

Error - 13/07/2012 11:46:20 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 13/07/2012 11:46:20 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 13/07/2012 12:22:04 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7023
Description =

Error - 13/07/2012 12:22:04 | Computer Name = Arjann-Laptop | Source = Service Control Manager | ID = 7001
Description =


< End of report >



(By the way, I installed the avast definitions because it said better results or something similar to that.)


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 17:38:11
-----------------------------
17:38:11.596 OS Version: Windows 6.0.6002 Service Pack 2
17:38:11.596 Number of processors: 2 586 0x170A
17:38:11.596 ComputerName: ARJANN-LAPTOP UserName: Arjann
17:38:15.090 Initialize success
17:41:17.305 AVAST engine defs: 12071300
17:42:01.332 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:42:01.347 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
17:42:01.378 Disk 0 MBR read successfully
17:42:01.410 Disk 0 MBR scan
17:42:01.425 Disk 0 unknown MBR code
17:42:01.456 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
17:42:01.472 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 27265024
17:42:01.503 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140800 MB offset 329347072
17:42:01.534 Disk 0 Partition 4 00 12 Compaq diag NTFS 3630 MB offset 617705472
17:42:01.581 Disk 0 scanning sectors +625139712
17:42:01.659 Disk 0 scanning C:\Windows\system32\drivers
17:42:19.572 Service scanning
17:42:38.628 Service MpKsl935c2d49 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D357A746-9B91-4377-A041-BC9786682171}\MpKsl935c2d49.sys **LOCKED** 32
17:43:39.688 Modules scanning
17:43:44.667 Disk 0 trace - called modules:
17:43:44.677
17:43:45.588 AVAST engine scan C:\Windows
17:43:50.933 AVAST engine scan C:\Windows\system32
17:49:05.386 AVAST engine scan C:\Windows\system32\drivers
17:49:29.715 AVAST engine scan C:\Users\Arjann
18:14:47.014 AVAST engine scan C:\ProgramData
18:17:34.320 Scan finished successfully
18:18:22.626 Disk 0 MBR has been saved successfully to "C:\Users\Arjann\Desktop\logs\MBR.dat"
18:18:22.642 The log file has been saved successfully to "C:\Users\Arjann\Desktop\logs\aswMBR.txt"

Edited by dxpoo, 13 July 2012 - 12:19 PM.


#6 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Location:Greenup, Ill USA

Posted 13 July 2012 - 03:00 PM

Hello,


1.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otl
    IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b62d078e1-bc24-4a70-b3bb-c8805a9c68bc%7d&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
    IE - HKCU\..\SearchScopes,DefaultScope = {93DE378F-62AE-4983-A035-EB7F84ED2FDD}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZUman000&ptb=1f4dSJFLw5FhFTOBMiXQsw
    IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b62d078e1-bc24-4a70-b3bb-c8805a9c68bc%7d&q={searchTerms}
    IE - HKCU\..\SearchScopes\{B269F50D-3165-4300-BD5F-B1C11C6507DF}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;
    O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/06/01 15:46:49 | 000,000,152 | ---- | C] () -- C:\ProgramData\~34529016r
    [2011/06/01 15:46:48 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34529016
    [2011/06/01 15:46:45 | 000,000,344 | ---- | C] () -- C:\ProgramData\34529016
    [2011/06/01 15:46:48 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34529016
    [2011/06/01 15:46:45 | 000,000,344 | ---- | C] () -- C:\ProgramData\34529016
    [2011/05/21 16:18:53 | 000,000,144 | ---- | C] () -- C:\ProgramData\~29351672r
    [2011/05/21 16:18:53 | 000,000,120 | ---- | C] () -- C:\ProgramData\~29351672
    [2011/05/21 16:18:33 | 000,000,336 | ---- | C] () -- C:\ProgramData\29351672
    [2011/05/21 12:49:26 | 000,000,144 | ---- | C] () -- C:\ProgramData\~43835128r
    [2011/05/21 12:49:26 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43835128
    [2011/05/21 12:49:21 | 000,000,336 | ---- | C] () -- C:\ProgramData\43835128
    [2011/04/22 16:53:25 | 000,010,244 | -HS- | C] () -- C:\Users\Arjann\AppData\Local\b52ikwg88250rk2578
    [2011/04/22 16:53:25 | 000,010,244 | -HS- | C] () -- C:\ProgramData\b52ikwg88250rk2578
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:05113FB9
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:07BF512B
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4D066AD2
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3078E216
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:F3176E45
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:E36F5B57
    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NLNdisPT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NLNdisMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    
    :commands
    [RESETHOSTS]
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.



Things to include in your next reply:
OTL Fix log
TDSSKiller log
ComboFix.txt
How is your machine running now?

Edited by fireman4it, 13 July 2012 - 03:01 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 Guest_dxpoo_*

  • Guests

Posted 14 July 2012 - 01:44 PM

OTL log:


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B269F50D-3165-4300-BD5F-B1C11C6507DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B269F50D-3165-4300-BD5F-B1C11C6507DF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter deleted successfully.
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\ProgramData\~34529016r moved successfully.
C:\ProgramData\~34529016 moved successfully.
C:\ProgramData\34529016 moved successfully.
File C:\ProgramData\~34529016 not found.
File C:\ProgramData\34529016 not found.
C:\ProgramData\~29351672r moved successfully.
C:\ProgramData\~29351672 moved successfully.
C:\ProgramData\29351672 moved successfully.
C:\ProgramData\~43835128r moved successfully.
C:\ProgramData\~43835128 moved successfully.
C:\ProgramData\43835128 moved successfully.
C:\Users\Arjann\AppData\Local\b52ikwg88250rk2578 moved successfully.
C:\ProgramData\b52ikwg88250rk2578 moved successfully.
ADS C:\ProgramData\Temp:05113FB9 deleted successfully.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:3078E216 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:F3176E45 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
FastUserSwitchingCompatibility removed from NetSvcs value successfully!
Nla removed from NetSvcs value successfully!
Ntmssvc removed from NetSvcs value successfully!
NWCWorkstation removed from NetSvcs value successfully!
Nwsapagent removed from NetSvcs value successfully!
SRService removed from NetSvcs value successfully!
WmdmPmSp removed from NetSvcs value successfully!
LogonHours removed from NetSvcs value successfully!
PCAudit removed from NetSvcs value successfully!
helpsvc removed from NetSvcs value successfully!
uploadmgr removed from NetSvcs value successfully!
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
Service NLNdisPT stopped successfully!
Service NLNdisPT deleted successfully!
Service NLNdisMP stopped successfully!
Service NLNdisMP deleted successfully!
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.0 log created on 07142012_193718

TDS killer:

19:40:24.0188 1336 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
19:40:24.0344 1336 ============================================================
19:40:24.0344 1336 Current date / time: 2012/07/14 19:40:24.0344
19:40:24.0344 1336 SystemInfo:
19:40:24.0344 1336
19:40:24.0344 1336 OS Version: 6.0.6002 ServicePack: 2.0
19:40:24.0344 1336 Product type: Workstation
19:40:24.0344 1336 ComputerName: ARJANN-LAPTOP
19:40:24.0344 1336 UserName: Arjann
19:40:24.0344 1336 Windows directory: C:\Windows
19:40:24.0344 1336 System windows directory: C:\Windows
19:40:24.0344 1336 Processor architecture: Intel x86
19:40:24.0344 1336 Number of processors: 2
19:40:24.0344 1336 Page size: 0x1000
19:40:24.0344 1336 Boot type: Normal boot
19:40:24.0344 1336 ============================================================
19:40:25.0186 1336 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:40:25.0186 1336 ============================================================
19:40:25.0186 1336 \Device\Harddisk0\DR0:
19:40:25.0186 1336 MBR partitions:
19:40:25.0186 1336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x12016800
19:40:25.0186 1336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13A17000, BlocksNum 0x11300000
19:40:25.0186 1336 ============================================================
19:40:25.0217 1336 C: <-> \Device\Harddisk0\DR0\Partition0
19:40:25.0264 1336 D: <-> \Device\Harddisk0\DR0\Partition1
19:40:25.0264 1336 ============================================================
19:40:25.0264 1336 Initialize success
19:40:25.0264 1336 ============================================================
19:40:48.0824 5552 ============================================================
19:40:48.0824 5552 Scan started
19:40:48.0824 5552 Mode: Manual;
19:40:48.0824 5552 ============================================================
19:40:50.0254 5552 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
19:40:50.0254 5552 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
19:40:50.0263 5552 Akamai ( HiddenFile.Multi.Generic ) - warning
19:40:50.0263 5552 Akamai - detected HiddenFile.Multi.Generic (1)
19:41:02.0888 5552 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:41:02.0905 5552 PEAUTH - ok
19:41:03.0055 5552 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:41:03.0086 5552 pla - ok
19:41:03.0227 5552 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:41:03.0233 5552 PlugPlay - ok
19:41:03.0298 5552 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe
19:41:03.0301 5552 PnkBstrA - ok
19:41:03.0340 5552 PnkBstrB (27f1be4a53441c9f1f48b9adc145b0a5) C:\Windows\system32\PnkBstrB.exe
19:41:03.0351 5552 PnkBstrB - ok
19:41:03.0420 5552 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:41:03.0426 5552 PNRPAutoReg - ok
19:41:03.0436 5552 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:41:03.0442 5552 PNRPsvc - ok
19:41:03.0483 5552 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:41:03.0499 5552 PolicyAgent - ok
19:41:03.0563 5552 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:41:03.0565 5552 PptpMiniport - ok
19:41:03.0586 5552 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:41:03.0587 5552 Processor - ok
19:41:03.0617 5552 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:41:03.0631 5552 ProfSvc - ok
19:41:03.0653 5552 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:41:03.0655 5552 ProtectedStorage - ok
19:41:03.0687 5552 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:41:03.0689 5552 PSched - ok
19:41:03.0703 5552 PSDFilter (628321c8dd76ad369b362b202e655a68) C:\Windows\system32\DRIVERS\psdfilter.sys
19:41:03.0704 5552 PSDFilter - ok
19:41:03.0722 5552 PSDNServ (79d7117e62709c7690cf3dd55acead37) C:\Windows\system32\DRIVERS\PSDNServ.sys
19:41:03.0723 5552 PSDNServ - ok
19:41:03.0746 5552 psdvdisk (cae5e82827990cf4bd4a49576bde3a43) C:\Windows\system32\DRIVERS\PSDVdisk.sys
19:41:03.0747 5552 psdvdisk - ok
19:41:03.0858 5552 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:41:03.0891 5552 ql2300 - ok
19:41:03.0914 5552 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:41:03.0917 5552 ql40xx - ok
19:41:03.0966 5552 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:41:03.0974 5552 QWAVE - ok
19:41:03.0994 5552 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:41:03.0995 5552 QWAVEdrv - ok
19:41:04.0014 5552 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:41:04.0015 5552 RasAcd - ok
19:41:04.0038 5552 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:41:04.0054 5552 RasAuto - ok
19:41:04.0073 5552 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:41:04.0076 5552 Rasl2tp - ok
19:41:04.0115 5552 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:41:04.0124 5552 RasMan - ok
19:41:04.0156 5552 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:41:04.0157 5552 RasPppoe - ok
19:41:04.0184 5552 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:41:04.0186 5552 RasSstp - ok
19:41:04.0232 5552 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:41:04.0236 5552 rdbss - ok
19:41:04.0277 5552 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:41:04.0278 5552 RDPCDD - ok
19:41:04.0334 5552 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:41:04.0342 5552 rdpdr - ok
19:41:04.0349 5552 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:41:04.0350 5552 RDPENCDD - ok
19:41:04.0413 5552 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:41:04.0427 5552 RDPWD - ok
19:41:04.0583 5552 RegFilter (d4cad048397ef2ab5cc7b918c54910eb) C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys
19:41:04.0584 5552 RegFilter - ok
19:41:04.0704 5552 RegSrvc (b33c88df3588acf250b87a004526c31a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:41:04.0707 5552 RegSrvc - ok
19:41:04.0765 5552 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:41:04.0769 5552 RemoteAccess - ok
19:41:04.0810 5552 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:41:04.0825 5552 RemoteRegistry - ok
19:41:04.0866 5552 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
19:41:04.0881 5552 RFCOMM - ok
19:41:04.0915 5552 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:41:04.0917 5552 RpcLocator - ok
19:41:04.0984 5552 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:41:04.0990 5552 RpcSs - ok
19:41:05.0020 5552 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:41:05.0022 5552 rspndr - ok
19:41:05.0106 5552 RS_Service (974af42fc1cb6dc35de34109bef80054) C:\Program Files\Acer\Acer VCM\RS_Service.exe
19:41:05.0108 5552 RS_Service - ok
19:41:05.0131 5552 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:41:05.0133 5552 SamSs - ok
19:41:05.0162 5552 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:41:05.0165 5552 sbp2port - ok
19:41:05.0205 5552 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:41:05.0221 5552 SCardSvr - ok
19:41:05.0297 5552 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:41:05.0318 5552 Schedule - ok
19:41:05.0347 5552 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:41:05.0348 5552 SCPolicySvc - ok
19:41:05.0374 5552 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:41:05.0391 5552 SDRSVC - ok
19:41:05.0437 5552 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:41:05.0438 5552 secdrv - ok
19:41:05.0456 5552 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:41:05.0460 5552 seclogon - ok
19:41:05.0481 5552 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
19:41:05.0484 5552 SENS - ok
19:41:05.0510 5552 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:41:05.0511 5552 Serenum - ok
19:41:05.0536 5552 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:41:05.0539 5552 Serial - ok
19:41:05.0564 5552 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:41:05.0565 5552 sermouse - ok
19:41:05.0713 5552 ServicepointService (aec6c79f72aa0e86bafcb18d2bd2e74c) C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
19:41:05.0732 5552 ServicepointService - ok
19:41:05.0764 5552 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:41:05.0771 5552 SessionEnv - ok
19:41:05.0785 5552 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:41:05.0787 5552 sffdisk - ok
19:41:05.0804 5552 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:41:05.0805 5552 sffp_mmc - ok
19:41:05.0826 5552 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:41:05.0827 5552 sffp_sd - ok
19:41:05.0857 5552 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:41:05.0859 5552 sfloppy - ok
19:41:05.0925 5552 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:41:05.0943 5552 SharedAccess - ok
19:41:05.0991 5552 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:41:06.0001 5552 ShellHWDetection - ok
19:41:06.0027 5552 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:41:06.0029 5552 sisagp - ok
19:41:06.0049 5552 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:41:06.0051 5552 SiSRaid2 - ok
19:41:06.0078 5552 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:41:06.0080 5552 SiSRaid4 - ok
19:41:06.0158 5552 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
19:41:06.0170 5552 SkypeUpdate - ok
19:41:06.0467 5552 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:41:06.0591 5552 slsvc - ok
19:41:06.0740 5552 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:41:06.0744 5552 SLUINotify - ok
19:41:06.0803 5552 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:41:06.0805 5552 Smb - ok
19:41:06.0844 5552 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:41:06.0848 5552 SNMPTRAP - ok
19:41:06.0885 5552 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:41:06.0886 5552 spldr - ok
19:41:06.0929 5552 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:41:06.0943 5552 Spooler - ok
19:41:06.0988 5552 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:41:07.0006 5552 srv - ok
19:41:07.0028 5552 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:41:07.0030 5552 srv2 - ok
19:41:07.0071 5552 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:41:07.0073 5552 srvnet - ok
19:41:07.0113 5552 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:41:07.0127 5552 SSDPSRV - ok
19:41:07.0150 5552 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:41:07.0165 5552 SstpSvc - ok
19:41:07.0233 5552 Steam Client Service - ok
19:41:07.0296 5552 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:41:07.0326 5552 stisvc - ok
19:41:07.0379 5552 StkAMini (69a926dbca12046633e3d6e6d46e7087) C:\Windows\system32\Drivers\StkAMini.sys
19:41:07.0387 5552 StkAMini - ok
19:41:07.0433 5552 StkASSrv (5ccfe3b03f97005d221ba897c9a20b38) C:\Windows\System32\StkASv2K.exe
19:41:07.0436 5552 StkASSrv - ok
19:41:07.0457 5552 StkScan (83406fb18cb0abfec501add986d63572) C:\Windows\system32\Drivers\StkScan.sys
19:41:07.0468 5552 StkScan - ok
19:41:07.0508 5552 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:41:07.0509 5552 swenum - ok
19:41:07.0563 5552 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:41:07.0568 5552 swprv - ok
19:41:07.0592 5552 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:41:07.0593 5552 Symc8xx - ok
19:41:07.0619 5552 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:41:07.0621 5552 Sym_hi - ok
19:41:07.0641 5552 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:41:07.0643 5552 Sym_u3 - ok
19:41:07.0677 5552 SynTP (93d33a3a0a4516584a1394c7821bae2e) C:\Windows\system32\DRIVERS\SynTP.sys
19:41:07.0689 5552 SynTP - ok
19:41:07.0761 5552 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:41:07.0776 5552 SysMain - ok
19:41:07.0828 5552 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:41:07.0832 5552 TabletInputService - ok
19:41:07.0881 5552 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:41:07.0892 5552 TapiSrv - ok
19:41:07.0912 5552 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:41:07.0915 5552 TBS - ok
19:41:08.0012 5552 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
19:41:08.0028 5552 Tcpip - ok
19:41:08.0043 5552 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
19:41:08.0048 5552 Tcpip6 - ok
19:41:08.0065 5552 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
19:41:08.0066 5552 tcpipreg - ok
19:41:08.0097 5552 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:41:08.0098 5552 TDPIPE - ok
19:41:08.0121 5552 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:41:08.0122 5552 TDTCP - ok
19:41:08.0152 5552 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:41:08.0154 5552 tdx - ok
19:41:08.0189 5552 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:41:08.0191 5552 TermDD - ok
19:41:08.0251 5552 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:41:08.0293 5552 TermService - ok
19:41:08.0359 5552 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:41:08.0363 5552 Themes - ok
19:41:08.0391 5552 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:41:08.0394 5552 THREADORDER - ok
19:41:08.0421 5552 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:41:08.0425 5552 TrkWks - ok
19:41:08.0479 5552 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:41:08.0480 5552 TrustedInstaller - ok
19:41:08.0521 5552 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:41:08.0523 5552 tssecsrv - ok
19:41:08.0545 5552 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:41:08.0546 5552 tunmp - ok
19:41:08.0564 5552 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:41:08.0567 5552 tunnel - ok
19:41:08.0591 5552 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:41:08.0593 5552 uagp35 - ok
19:41:08.0610 5552 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
19:41:08.0611 5552 UBHelper - ok
19:41:08.0653 5552 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:41:08.0666 5552 udfs - ok
19:41:08.0728 5552 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:41:08.0732 5552 UI0Detect - ok
19:41:08.0762 5552 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:41:08.0764 5552 uliagpkx - ok
19:41:08.0801 5552 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:41:08.0813 5552 uliahci - ok
19:41:08.0841 5552 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:41:08.0843 5552 UlSata - ok
19:41:08.0869 5552 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:41:08.0884 5552 ulsata2 - ok
19:41:08.0910 5552 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:41:08.0911 5552 umbus - ok
19:41:08.0949 5552 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:41:08.0958 5552 upnphost - ok
19:41:09.0091 5552 UrlFilter (25135422ac9efa051b6f17420b84e519) C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys
19:41:09.0092 5552 UrlFilter - ok
19:41:09.0142 5552 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:41:09.0145 5552 usbaudio - ok
19:41:09.0181 5552 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:41:09.0183 5552 usbccgp - ok
19:41:09.0214 5552 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:41:09.0216 5552 usbcir - ok
19:41:09.0254 5552 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:41:09.0255 5552 usbehci - ok
19:41:09.0285 5552 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:41:09.0307 5552 usbhub - ok
19:41:09.0336 5552 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:41:09.0337 5552 usbohci - ok
19:41:09.0368 5552 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:41:09.0369 5552 usbprint - ok
19:41:09.0403 5552 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:41:09.0405 5552 usbscan - ok
19:41:09.0428 5552 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:41:09.0430 5552 USBSTOR - ok
19:41:09.0454 5552 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:41:09.0455 5552 usbuhci - ok
19:41:09.0482 5552 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:41:09.0497 5552 usbvideo - ok
19:41:09.0534 5552 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:41:09.0538 5552 UxSms - ok
19:41:09.0598 5552 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:41:09.0609 5552 vds - ok
19:41:09.0644 5552 vfs101x (4d45a93a7dd638ca2db0a86fbfbf42d1) C:\Windows\system32\drivers\vfs101x.sys
19:41:09.0646 5552 vfs101x - ok
19:41:09.0721 5552 vfsFPService (edfb7f3dec6e0c1f820be678e1fcaf02) C:\Windows\system32\vfsFPService.exe
19:41:09.0742 5552 vfsFPService - ok
19:41:09.0769 5552 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:41:09.0770 5552 vga - ok
19:41:09.0781 5552 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:41:09.0783 5552 VgaSave - ok
19:41:09.0812 5552 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:41:09.0814 5552 viaagp - ok
19:41:09.0839 5552 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:41:09.0841 5552 ViaC7 - ok
19:41:09.0861 5552 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:41:09.0862 5552 viaide - ok
19:41:09.0888 5552 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:41:09.0889 5552 volmgr - ok
19:41:09.0936 5552 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:41:09.0940 5552 volmgrx - ok
19:41:09.0982 5552 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:41:09.0986 5552 volsnap - ok
19:41:10.0020 5552 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:41:10.0034 5552 vsmraid - ok
19:41:10.0144 5552 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:41:10.0177 5552 VSS - ok
19:41:10.0223 5552 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:41:10.0252 5552 W32Time - ok
19:41:10.0324 5552 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:41:10.0325 5552 WacomPen - ok
19:41:10.0347 5552 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:41:10.0349 5552 Wanarp - ok
19:41:10.0355 5552 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:41:10.0357 5552 Wanarpv6 - ok
19:41:10.0423 5552 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:41:10.0431 5552 wcncsvc - ok
19:41:10.0467 5552 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:41:10.0471 5552 WcsPlugInService - ok
19:41:10.0498 5552 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:41:10.0499 5552 Wd - ok
19:41:10.0571 5552 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:41:10.0580 5552 Wdf01000 - ok
19:41:10.0604 5552 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:41:10.0612 5552 WdiServiceHost - ok
19:41:10.0620 5552 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:41:10.0624 5552 WdiSystemHost - ok
19:41:10.0678 5552 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:41:10.0684 5552 WebClient - ok
19:41:10.0722 5552 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:41:10.0727 5552 Wecsvc - ok
19:41:10.0746 5552 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:41:10.0751 5552 wercplsupport - ok
19:41:10.0786 5552 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:41:10.0803 5552 WerSvc - ok
19:41:10.0876 5552 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:41:10.0885 5552 WinDefend - ok
19:41:10.0904 5552 WinHttpAutoProxySvc - ok
19:41:10.0970 5552 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:41:10.0985 5552 Winmgmt - ok
19:41:11.0117 5552 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:41:11.0152 5552 WinRM - ok
19:41:11.0230 5552 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
19:41:11.0232 5552 WinUSB - ok
19:41:11.0300 5552 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:41:11.0318 5552 Wlansvc - ok
19:41:11.0576 5552 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:41:11.0656 5552 wlidsvc - ok
19:41:11.0817 5552 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:41:11.0818 5552 WmiAcpi - ok
19:41:11.0920 5552 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:41:11.0922 5552 wmiApSrv - ok
19:41:12.0034 5552 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:41:12.0053 5552 WMPNetworkSvc - ok
19:41:12.0086 5552 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:41:12.0099 5552 WPCSvc - ok
19:41:12.0134 5552 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:41:12.0151 5552 WPDBusEnum - ok
19:41:12.0313 5552 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:41:12.0328 5552 WPFFontCache_v0400 - ok
19:41:12.0395 5552 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:41:12.0396 5552 ws2ifsl - ok
19:41:12.0423 5552 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
19:41:12.0428 5552 wscsvc - ok
19:41:12.0436 5552 WSearch - ok
19:41:12.0650 5552 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:41:12.0700 5552 wuauserv - ok
19:41:12.0873 5552 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:41:12.0876 5552 WUDFRd - ok
19:41:12.0916 5552 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:41:12.0921 5552 wudfsvc - ok
19:41:12.0992 5552 MBR (0x1B8) (bb9d3a6a13c5010348da7c900bb6af50) \Device\Harddisk0\DR0
19:41:13.0608 5552 \Device\Harddisk0\DR0 - ok
19:41:13.0612 5552 Boot (0x1200) (726694548a6cf739c51048094fb68a4d) \Device\Harddisk0\DR0\Partition0
19:41:13.0613 5552 \Device\Harddisk0\DR0\Partition0 - ok
19:41:13.0657 5552 Boot (0x1200) (5b142dc0ef14fe27e82e89f059c76b0a) \Device\Harddisk0\DR0\Partition1
19:41:13.0659 5552 \Device\Harddisk0\DR0\Partition1 - ok
19:41:13.0660 5552 ============================================================
19:41:13.0660 5552 Scan finished
19:41:13.0660 5552 ============================================================
19:41:13.0669 4452 Detected object count: 1
19:41:13.0669 4452 Actual detected object count: 1
19:42:07.0035 4452 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:42:07.0035 4452 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:42:41.0539 2184 Deinitialize success

By the way, I skipped due to no cure, please tell me if I need to delete it.

:edit:

I can't do combo fix, it says I need administrative rights, I opened as admin also.

:2nd edit:

I still have black screen in normal mode.

Edited by dxpoo, 14 July 2012 - 03:59 PM.
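
Added example, not part of the original posts: a small Python triage for a scan log in the line format pasted above. It lists every object whose verdict is not `ok`, the services logged with a verdict but no file path or hash, and whether the parsed detections agree with the log's own `Detected object count`. The sample lines are constructed in that format with placeholder hashes, and the function and field names are this example's own.

```python
import re

# Constructed sample in the line format of the scan log above:
# "<time> <id> <object> (<md5>) <path>" followed by "<time> <id> <object> - ok".
# The 32-digit hashes are placeholders, not real file hashes.
SAMPLE_LOG = r"""
19:41:00.0732 5552 Npfs (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\Windows\system32\drivers\Npfs.sys
19:41:00.0734 5552 Npfs - ok
19:41:00.0740 5552 npggsvc - ok
19:41:07.0233 5552 Steam Client Service - ok
19:41:12.0992 5552 MBR (0x1B8) (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) \Device\Harddisk0\DR0
19:41:13.0608 5552 \Device\Harddisk0\DR0 - ok
19:41:13.0660 5552 Scan finished
19:41:13.0669 4452 Detected object count: 1
19:41:13.0669 4452 Actual detected object count: 1
19:42:07.0035 4452 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:42:07.0035 4452 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "
# Object line: name, MD5 in parentheses, then the file or device path.
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Clean verdict line.
OK_RE = re.compile(PREFIX + r"(?P<name>.+) - ok$")
# Detection line: the verdict sits in spaced parentheses, then the action taken.
DETECT_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<action>.+)$")
# Summary line written by the tool itself.
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Summarise a scan log: clean objects, verdicts without file info, detections."""
    scanned = []        # objects that had a file/hash line
    no_file_info = []   # verdict logged with no preceding file/hash line
    detections = {}     # object name -> verdict and the actions recorded for it
    reported = None     # value of "Detected object count: N", if present
    last = None         # most recent object line still waiting for its verdict

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECT_RE.match(line)
        if m:
            entry = detections.setdefault(
                m["name"], {"verdict": m["verdict"], "actions": []})
            entry["actions"].append(m["action"])
            continue
        m = FILE_RE.match(line)
        if m:
            last = {"name": m["name"], "md5": m["md5"],
                    "path": m["path"], "verdict": None}
            scanned.append(last)
            continue
        m = OK_RE.match(line)
        if m:
            # Services pair by name; MBR and boot entries log the verdict
            # under the device path instead of the object name.
            if (last and last["verdict"] is None
                    and m["name"] in (last["name"], last["path"])):
                last["verdict"] = "ok"
            else:
                no_file_info.append(m["name"])
            continue
        m = COUNT_RE.match(line)
        if m:
            reported = int(m["n"])

    return {
        "scanned": scanned,
        "no_file_info": no_file_info,
        "detections": detections,
        "unresolved": [o["name"] for o in scanned if o["verdict"] is None],
        "reported_count": reported,
        "count_matches": None if reported is None else reported == len(detections),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, info in result["detections"].items():
        print(f"DETECTED {name}: {info['verdict']} -> {'; '.join(info['actions'])}")
    for name in result["no_file_info"]:
        print(f"no file/hash logged for: {name}")
    print("detections match reported count:", result["count_matches"])
```
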


#8 fireman4it


Posted 14 July 2012 - 04:29 PM

Hello,

Can you run Combofix in Safe Mode?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Guest_dxpoo_*


Posted 16 July 2012 - 11:06 AM

Still get that message about administrative rights, and also a message came up saying Windows prevented an unexpected shutdown. (Yes, I was in safe mode.)
And during startup to normal mode (as it says welcome on Vista) it came up with this error:

"The application failed to initialize properly (0xc0000022). Click OK to terminate the application."

or something along the lines of that. Any help would be nice.

#10 fireman4it


Posted 16 July 2012 - 04:16 PM

Restore Permissions for Combofix.exe

Please download Inherit by sUBs

  • Drag and drop Combofix onto Inherit
  • This shall restore permissions to the application
  • The application should now run normally
Please indicate in your next post if this was successful.

Please try and run Combofix.


Let me know how it goes.

Edited by fireman4it, 16 July 2012 - 04:17 PM.

" Extinguishing Malware from the world"



#11 Guest_dxpoo_*


Posted 17 July 2012 - 12:09 PM

It did not work. (At first I double-clicked the program in normal mode, but nothing happened; I didn't read correctly.)
Then I went into safe mode, dropped combo fix on the program, tried opening it, nothing happened.

Went on to normal mode and did the same thing. It asked for an update (combo fix), which I did, and after the update it said I need administrative rights again or something similar, so it was not successful, sadly.

#12 fireman4it


Posted 17 July 2012 - 01:39 PM

Hello,

Do you have a USB flash drive you can use?

" Extinguishing Malware from the world"



#13 Guest_dxpoo_*


Posted 17 July 2012 - 03:05 PM

Yes, I do.

#14 fireman4it


Posted 17 July 2012 - 03:49 PM

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#15 Guest_dxpoo_*

Guest_dxpoo_*

  • Guests
  • OFFLINE
  •  

Posted 18 July 2012 - 11:57 AM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 18-07-2012 17:42:17
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-04-04] (Synaptics, Inc.)
HKLM\...\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN [4371768 2011-03-25] (Virgin Media)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Arjann\...\Run: [Google Update] "C:\Users\Arjann\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-08] (Google Inc.)
HKU\Arjann\...\Run: [Akamai NetSession Interface] "C:\Users\Arjann\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\Default\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\Default User\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

================================ Services (Whitelisted) ==================

2 BUNAgentSvc; "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [16384 2008-03-03] (NewTech Infosystems, Inc.)
2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
3 npggsvc; C:\Windows\system32\GameMon.des -service [3928280 2012-05-06] (INCA Internet Co., Ltd.)
2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-06-17] ()
2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [189248 2011-06-17] ()
2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-07-19] (Acer Incorporated)
2 ServicepointService; "C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe" [689464 2011-03-25] (Radialpoint Inc.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-05-02] (Skype Technologies)
2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-23] (Syntek America Inc.)
2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]

========================== Drivers (Whitelisted) =============

1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
3 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [20336 2012-01-05] (IObit)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
2 int15; \??\C:\Windows\system32\drivers\int15.sys [69632 2007-01-25] ()
3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-08] (ITE Tech. Inc. )
3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-04] (Atheros Communications, Inc.)
3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [29184 2006-05-29] (http://libusb-win32.sourceforge.net)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34152 2008-06-19] (McAfee, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [30600 2012-04-28] (IObit.com)
3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-26] (Syntek America Inc.)
3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-01] (Syntek America Inc.)
3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [19792 2012-04-28] (IObit.com)
3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 17:42 - 2012-07-18 17:42 - 00000000 ____D C:\FRST
2012-07-17 09:03 - 2012-07-17 09:06 - 00000000 ___SD C:\32788R22FWJFW
2012-07-17 08:44 - 2012-07-17 08:44 - 00085504 ____A C:\Users\Arjann\Desktop\Inherit.exe
2012-07-14 10:54 - 2012-07-14 10:54 - 00000000 ____D C:\Qoobox
2012-07-14 10:44 - 2012-07-17 09:04 - 04579127 ____R (Swearware) C:\Users\Arjann\Desktop\ComboFix.exe
2012-07-14 10:38 - 2012-07-14 10:38 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Arjann\Desktop\tdsskiller.exe
2012-07-14 10:37 - 2012-07-14 10:37 - 00000000 ____D C:\_OTL
2012-07-13 08:37 - 2012-07-13 08:38 - 04731392 ____A (AVAST Software) C:\Users\Arjann\Downloads\aswMBR.exe
2012-07-13 08:35 - 2012-07-13 08:35 - 00053434 ____A C:\Users\Arjann\Downloads\Extras.Txt
2012-07-13 08:33 - 2012-07-13 08:33 - 00096184 ____A C:\Users\Arjann\Downloads\OTL.Txt
2012-07-13 08:22 - 2012-07-13 08:22 - 00596480 ____A (OldTimer Tools) C:\Users\Arjann\Downloads\OTL.exe
2012-07-12 13:17 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 13:14 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 13:14 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 13:14 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 13:14 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 13:14 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 13:14 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 13:14 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 13:14 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 13:14 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 13:14 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 13:14 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 13:14 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 13:14 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 13:14 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 11:28 - 2012-07-12 11:39 - 387155565 ____A C:\Users\Arjann\Downloads\[LittleAngelsHentai.net] Mu-Soft - Hizashi No Naka No Riaru.zip
2012-07-12 10:50 - 2012-07-12 10:58 - 407639493 ____A C:\Users\Arjann\Downloads\[Ekicon_Research_Society]_-_Meshimase_Shimai_Donburi.part2.rar
2012-07-12 10:49 - 2012-07-12 10:58 - 414187520 ____A C:\Users\Arjann\Downloads\[Ekicon_Research_Society]_-_Meshimase_Shimai_Donburi.part1.rar
2012-07-12 09:13 - 2012-07-12 09:16 - 100504196 ____A C:\Users\Arjann\Downloads\littleangelshentai.net - [pumpkin][023] Seito Youroku.7z
2012-07-12 09:07 - 2012-07-12 09:08 - 32436078 ____A C:\Users\Arjann\Downloads\RJ017031.rar
2012-07-12 07:34 - 2012-07-12 07:34 - 00294216 ____A C:\Users\Arjann\Downloads\gmer.zip
2012-07-12 07:33 - 2012-07-12 07:33 - 00302592 ____A C:\Users\Arjann\Downloads\lytgwsqu.exe
2012-07-12 07:16 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-12 07:16 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 07:16 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 07:16 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 07:16 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 07:16 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-09 09:40 - 2012-07-09 09:43 - 200320198 ____A C:\Users\Arjann\Downloads\RJ035490.rar
2012-07-09 09:29 - 2012-07-09 09:31 - 207157293 ____A C:\Users\Arjann\Downloads\SdSdSdTA_-_01_(704x400_x264_AAC)_[8D2A1D81].7z
2012-07-09 09:28 - 2012-07-09 09:37 - 167640198 ____A C:\Users\Arjann\Downloads\[littleangelshentai.net] Nighthawk - Hikage de sukusuku.7z
2012-07-09 09:16 - 2012-07-09 09:20 - 80568567 ____A C:\Users\Arjann\Downloads\(?????) [120520] [??????] ??????!!!2 ???????? RJ095886.zip
2012-07-09 09:13 - 2012-07-09 09:24 - 208530938 ____A C:\Users\Arjann\Downloads\[holy water club] Muma no Omocha.7z
2012-07-06 08:10 - 2012-07-06 08:10 - 186322960 ____A C:\Windows\MEMORY.DMP
2012-07-06 08:10 - 2012-07-06 08:10 - 00131088 ____A C:\Windows\Minidump\Mini070612-01.dmp
2012-07-05 08:05 - 2012-07-05 08:06 - 70463008 ____A (Microsoft Corporation) C:\Users\Arjann\Downloads\msert.exe
2012-07-02 08:22 - 2012-07-02 08:22 - 02322184 ____A (ESET) C:\Users\Arjann\Downloads\esetsmartinstaller_enu.exe
2012-07-01 06:44 - 2012-07-01 06:48 - 00000000 ____A C:\Windows\System32\sfcdetails.txt
2012-06-30 11:37 - 2012-06-30 11:37 - 00000000 __SHD C:\found.000
2012-06-29 08:01 - 2012-06-29 08:01 - 00000000 ____D C:\Users\Arjann\Documents\??????????
2012-06-28 07:36 - 2012-06-28 07:46 - 00000000 ____A C:\Users\Arjann\Downloads\[amami-k] L0li Movie.part1.rar
2012-06-28 07:36 - 2012-06-28 07:38 - 35852040 ____A C:\Users\Arjann\Downloads\[amami-k] L0li Movie.part2.rar
2012-06-23 08:25 - 2012-06-23 08:25 - 00000000 ____D C:\Users\Arjann\AppData\Local\Aeria Games
2012-06-22 11:54 - 2012-06-22 11:55 - 00477792 ____A (Aeria Games & Entertainment) C:\Users\Arjann\Downloads\warenstory_us_downloader.exe
2012-06-22 07:57 - 2012-06-22 08:14 - 31232000 ____A C:\Users\Arjann\Downloads\yuifa03.rar.crdownload
2012-06-21 10:23 - 2012-06-21 10:23 - 00021156 ____A C:\Users\Arjann\Downloads\[Yuji Serizawa] Banana Shake.rar.torrent
2012-06-21 07:42 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 07:42 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 07:42 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 07:42 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 07:42 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 07:42 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 07:42 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 07:42 - 2012-06-02 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 07:42 - 2012-06-02 06:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-18 08:35 - 2011-07-01 07:52 - 01178785 ____A C:\Windows\WindowsUpdate.log
2012-07-18 08:35 - 2009-11-26 07:53 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-07-18 08:35 - 2006-11-02 05:01 - 00032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-18 08:35 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 08:35 - 2006-11-02 04:47 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-18 08:35 - 2006-11-02 04:47 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-18 07:58 - 2010-08-08 12:49 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-712691422-3369108793-3596480014-1000UA.job
2012-07-18 07:53 - 2009-06-24 14:10 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-07-18 07:52 - 2012-06-14 07:17 - 00026206 ____A C:\Windows\PFRO.log
2012-07-18 07:52 - 2009-08-27 12:37 - 00037013 ____A C:\Users\All Users\nvModes.001
2012-07-18 07:52 - 2009-01-08 21:19 - 00000147 ____A C:\Windows\System32\agent.log
2012-07-17 09:04 - 2012-07-14 10:44 - 04579127 ____R (Swearware) C:\Users\Arjann\Desktop\ComboFix.exe
2012-07-17 08:44 - 2012-07-17 08:44 - 00085504 ____A C:\Users\Arjann\Desktop\Inherit.exe
2012-07-14 10:38 - 2012-07-14 10:38 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Arjann\Desktop\tdsskiller.exe
2012-07-14 03:58 - 2010-08-08 12:49 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-712691422-3369108793-3596480014-1000Core.job
2012-07-13 08:38 - 2012-07-13 08:37 - 04731392 ____A (AVAST Software) C:\Users\Arjann\Downloads\aswMBR.exe
2012-07-13 08:35 - 2012-07-13 08:35 - 00053434 ____A C:\Users\Arjann\Downloads\Extras.Txt
2012-07-13 08:33 - 2012-07-13 08:33 - 00096184 ____A C:\Users\Arjann\Downloads\OTL.Txt
2012-07-13 08:22 - 2012-07-13 08:22 - 00596480 ____A (OldTimer Tools) C:\Users\Arjann\Downloads\OTL.exe
2012-07-13 07:45 - 2006-11-02 04:47 - 00360544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 13:15 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-12 12:49 - 2010-08-08 12:51 - 00002051 ____A C:\Users\Arjann\Desktop\Google Chrome.lnk
2012-07-12 11:39 - 2012-07-12 11:28 - 387155565 ____A C:\Users\Arjann\Downloads\[LittleAngelsHentai.net] Mu-Soft - Hizashi No Naka No Riaru.zip
2012-07-12 10:58 - 2012-07-12 10:50 - 407639493 ____A C:\Users\Arjann\Downloads\[Ekicon_Research_Society]_-_Meshimase_Shimai_Donburi.part2.rar
2012-07-12 10:58 - 2012-07-12 10:49 - 414187520 ____A C:\Users\Arjann\Downloads\[Ekicon_Research_Society]_-_Meshimase_Shimai_Donburi.part1.rar
2012-07-12 09:16 - 2012-07-12 09:13 - 100504196 ____A C:\Users\Arjann\Downloads\littleangelshentai.net - [pumpkin][023] Seito Youroku.7z
2012-07-12 09:08 - 2012-07-12 09:07 - 32436078 ____A C:\Users\Arjann\Downloads\RJ017031.rar
2012-07-12 07:34 - 2012-07-12 07:34 - 00294216 ____A C:\Users\Arjann\Downloads\gmer.zip
2012-07-12 07:33 - 2012-07-12 07:33 - 00302592 ____A C:\Users\Arjann\Downloads\lytgwsqu.exe
2012-07-09 09:43 - 2012-07-09 09:40 - 200320198 ____A C:\Users\Arjann\Downloads\RJ035490.rar
2012-07-09 09:37 - 2012-07-09 09:28 - 167640198 ____A C:\Users\Arjann\Downloads\[littleangelshentai.net] Nighthawk - Hikage de sukusuku.7z
2012-07-09 09:31 - 2012-07-09 09:29 - 207157293 ____A C:\Users\Arjann\Downloads\SdSdSdTA_-_01_(704x400_x264_AAC)_[8D2A1D81].7z
2012-07-09 09:24 - 2012-07-09 09:13 - 208530938 ____A C:\Users\Arjann\Downloads\[holy water club] Muma no Omocha.7z
2012-07-09 09:20 - 2012-07-09 09:16 - 80568567 ____A C:\Users\Arjann\Downloads\(?????) [120520] [??????] ??????!!!2 ???????? RJ095886.zip
2012-07-06 08:10 - 2012-07-06 08:10 - 186322960 ____A C:\Windows\MEMORY.DMP
2012-07-06 08:10 - 2012-07-06 08:10 - 00131088 ____A C:\Windows\Minidump\Mini070612-01.dmp
2012-07-05 08:06 - 2012-07-05 08:05 - 70463008 ____A (Microsoft Corporation) C:\Users\Arjann\Downloads\msert.exe
2012-07-02 08:22 - 2012-07-02 08:22 - 02322184 ____A (ESET) C:\Users\Arjann\Downloads\esetsmartinstaller_enu.exe
2012-07-01 06:48 - 2012-07-01 06:44 - 00000000 ____A C:\Windows\System32\sfcdetails.txt
2012-06-30 13:28 - 2010-03-14 07:00 - 00008592 ____A C:\Users\Arjann\AppData\Local\d3d9caps.dat
2012-06-28 07:46 - 2012-06-28 07:36 - 00000000 ____A C:\Users\Arjann\Downloads\[amami-k] L0li Movie.part1.rar
2012-06-28 07:38 - 2012-06-28 07:36 - 35852040 ____A C:\Users\Arjann\Downloads\[amami-k] L0li Movie.part2.rar
2012-06-22 11:55 - 2012-06-22 11:54 - 00477792 ____A (Aeria Games & Entertainment) C:\Users\Arjann\Downloads\warenstory_us_downloader.exe
2012-06-22 08:14 - 2012-06-22 07:57 - 31232000 ____A C:\Users\Arjann\Downloads\yuifa03.rar.crdownload
2012-06-21 11:37 - 2012-04-18 16:28 - 00000038 ____A C:\Windows\AviSplitter.INI
2012-06-21 10:23 - 2012-06-21 10:23 - 00021156 ____A C:\Users\Arjann\Downloads\[Yuji Serizawa] Banana Shake.rar.torrent
2012-06-16 08:24 - 2012-06-16 08:24 - 00000374 ____A C:\Users\Arjann\Downloads\ot-musumate.rar
2012-06-14 08:09 - 2006-11-02 02:33 - 00766296 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-13 09:49 - 2012-06-13 09:49 - 00000000 ____A C:\Users\Arjann\Downloads\BF3C.tmp
2012-06-13 05:40 - 2012-07-12 13:17 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 09:47 - 2012-07-12 07:16 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-07 17:14 - 2009-06-24 14:03 - 00096424 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-06-07 16:01 - 2012-06-07 16:00 - 28484689 ____A C:\Users\Arjann\Downloads\boom.7z
2012-06-07 15:28 - 2012-06-07 15:27 - 10803599 ____A C:\Users\Arjann\Downloads\s3_m_patch.zip
2012-06-07 15:08 - 2012-06-07 15:08 - 01453162 ____A C:\Users\Arjann\Downloads\NTLEA.rar
2012-06-07 09:28 - 2012-06-07 09:28 - 00880528 ____A (BitTorrent, Inc.) C:\Users\Arjann\Downloads\uTorrent (1).exe
2012-06-07 08:26 - 2012-06-07 08:17 - 201576775 ____A C:\Users\Arjann\Downloads\PL2 add-ons.rar
2012-06-07 08:16 - 2012-06-07 08:07 - 209467037 ____A C:\Users\Arjann\Downloads\Polygon Love 2.rar
2012-06-06 14:17 - 2012-06-06 14:16 - 39483256 ____A (Apple Inc.) C:\Users\Arjann\Downloads\QuickTimeInstaller.exe
2012-06-06 14:08 - 2009-08-22 13:02 - 00050688 ____A C:\Users\Arjann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-05 08:47 - 2012-07-12 07:16 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-12 07:16 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-12 07:16 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-03 06:30 - 2012-06-03 06:29 - 01575269 ____A C:\Users\Arjann\Desktop\mcpatcher-2.3.7.exe
2012-06-03 06:12 - 2012-06-03 06:10 - 09635922 ____A C:\Users\Arjann\Downloads\AzasAridPack.zip
2012-06-03 06:11 - 2012-06-03 06:11 - 00256489 ____A C:\Users\Arjann\Downloads\OptiFine_1.2.5_HD_S_B2.zip
2012-06-02 14:37 - 2011-11-10 11:20 - 00000895 ____A C:\Users\Arjann\Desktop\funny school joke.txt
2012-06-02 14:19 - 2012-06-21 07:42 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 07:42 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 07:42 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 07:42 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 07:42 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 07:42 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 07:42 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 07:42 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-21 07:42 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-12 13:14 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-12 13:14 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-12 13:14 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-12 13:14 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-12 13:14 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 13:14 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-12 13:14 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-12 13:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 13:14 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 13:14 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-12 13:14 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-12 13:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 13:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 13:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-12 07:16 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-12 07:16 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-17 08:02 - 2012-05-17 08:03 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-17 08:02 - 2012-05-17 08:03 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-17 08:01 - 2012-05-17 08:01 - 00892360 ____A (Oracle Corporation) C:\Users\Arjann\Downloads\chromeinstall-7u4.exe
2012-05-15 07:34 - 2011-07-24 05:48 - 00000970 ____A C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2012-05-15 07:33 - 2012-05-15 07:32 - 19551736 ____A (IObit ) C:\Users\Arjann\Downloads\imf-setup (3).exe
2012-05-13 04:38 - 2009-11-22 16:04 - 00000378 ____A C:\Windows\wininit.ini
2012-05-09 08:04 - 2012-05-09 08:03 - 00892360 ____A (Oracle Corporation) C:\Users\Arjann\Downloads\jre-7u4-windows-i586-iftw.exe
2012-05-09 07:54 - 2012-05-09 07:54 - 00359656 ____A (Microsoft Corporation) C:\Users\Arjann\Downloads\msicuu2 (1).exe
2012-05-09 07:52 - 2012-05-09 07:51 - 00359656 ____A (Microsoft Corporation) C:\Users\Arjann\Downloads\msicuu2.exe
2012-05-06 15:35 - 2010-01-13 11:18 - 03928280 ____A (INCA Internet Co., Ltd.) C:\Windows\System32\GameMon.des
2012-05-01 07:37 - 2011-11-29 08:48 - 00002154 ____A C:\Windows\epplauncher.mif
2012-05-01 06:03 - 2012-06-14 07:39 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 12:01 - 2012-04-27 12:01 - 19645473 ____A C:\Users\Arjann\Downloads\Settlecraft V_1_2_6.zip
2012-04-27 11:45 - 2012-04-27 11:45 - 00051131 ____A C:\Users\Arjann\Downloads\TooManyItems2012_04_13_1.2.5.zip
2012-04-26 08:10 - 2012-04-26 08:10 - 00077691 ____A C:\Users\Arjann\Downloads\mod_thx_helicopter_CLIENT_mc125_v017.zip
2012-04-26 08:10 - 2012-04-26 08:10 - 00077691 ____A C:\Users\Arjann\Downloads\mod_thx_helicopter_CLIENT_mc125_v017 (1).zip
2012-04-26 08:10 - 2012-04-26 08:10 - 00070798 ____A C:\Users\Arjann\Downloads\mod_thx_helicopter_SERVER_mc125_v017.zip
2012-04-26 07:48 - 2012-04-26 07:48 - 01548390 ____A C:\Users\Arjann\Downloads\whale mod v2.0.rar
2012-04-26 07:44 - 2012-04-26 07:42 - 51722156 ____A C:\Users\Arjann\Downloads\MoreCreepsv2.56.rar
2012-04-26 07:30 - 2012-04-26 07:30 - 00535241 ____A C:\Users\Arjann\Downloads\MinecraftForge-3.1.3.99-Client.zip
2012-04-26 07:26 - 2012-04-26 07:26 - 05083750 ____A C:\Users\Arjann\Downloads\DrZharks MoCreatures Mov v3.5.0.zip
2012-04-26 07:25 - 2012-04-26 07:25 - 01043780 ____A C:\Users\Arjann\Downloads\GuiAPI-0.14.2-1.2.5.zip
2012-04-26 07:13 - 2012-04-26 07:13 - 00026472 ____A C:\Users\Arjann\Downloads\ModLoaderMP 1.2.5 v1.zip
2012-04-25 12:28 - 2012-04-25 12:28 - 00174147 ____A C:\Users\Arjann\Downloads\reptile-mod-1.2.5-20120331.zip
2012-04-25 11:59 - 2012-04-25 11:59 - 02323158 ____A C:\Users\Arjann\Downloads\tornadoes v1.1 for MC v1.2.5.zip
2012-04-25 11:51 - 2012-04-25 11:51 - 00046737 ____A C:\Users\Arjann\Downloads\AudioMod (2).zip
2012-04-25 11:35 - 2012-04-25 11:35 - 00103347 ____A C:\Users\Arjann\Downloads\ModLoader (3).zip
2012-04-25 11:34 - 2012-04-25 11:34 - 00003294 ____A C:\Users\Arjann\Downloads\Timber! (1.2.4).zip
2012-04-25 11:04 - 2012-04-25 11:04 - 00278561 ____A C:\Users\Arjann\Desktop\Minecraft.exe
2012-04-23 12:27 - 2012-04-23 12:27 - 00196400 ____A C:\Users\Arjann\Downloads\usbwp (1).rar
2012-04-23 10:21 - 2012-04-23 10:21 - 00196400 ____A C:\Users\Arjann\Downloads\usbwp.rar
2012-04-23 08:00 - 2012-06-14 07:40 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:00 - 2012-06-14 07:40 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:00 - 2012-06-14 07:40 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 4092.16 MB
Available physical RAM: 3737.2 MB
Total Pagefile: 3957.9 MB
Available Pagefile: 3803.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:12.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:137.5 GB) (Free:135.8 GB) NTFS
4 Drive f: () (Removable) (Total:0.98 GB) (Free:0.32 GB) FAT
5 Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.66 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       298 GB      0 B
  Disk 1    Online      1005 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 13 GB  1024 KB
  Partition 2    Primary            144 GB    13 GB
  Partition 3    Primary            138 GB   157 GB
  Partition 4    OEM               3630 MB   295 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     X   PQSERVICE    NTFS   Partition     13 GB  Healthy    Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   ACER         NTFS   Partition    144 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   DATA         NTFS   Partition    138 GB  Healthy

==================================================================================

Disk: 0
Partition 4
Type : 12
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      NTFS   Partition   3630 MB  Healthy    Hidden

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1004 MB    32 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT    Removable   1004 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 07:59

======================= End Of Log ==========================



