popup and redirect on firefox


  • This topic is locked
25 replies to this topic

#1 emily m

emily m

  • Members
  • 13 posts

Posted 15 September 2012 - 07:11 PM

I have a redirect and pop-up malware I'd like assistance in removing. Here is the DDS log, and since I'm on 64-bit Windows, I didn't run GMER. Good luck and thanks.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lenn at 16:46:28 on 2012-09-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2544 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://AlienwareArena.com
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Darksiders] rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Darksiders\puozlkmyj.dll",winampGetInModule2W
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [FAStartup]
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe"
dRun: [Darksiders] rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Darksiders\puozlkmyj.dll",winampGetInModule2W
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{28F4B7FF-2441-498B-BD90-39F8E45233E1} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BDE77F38-DFDE-4E68-A955-E55820146C0A} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BDE77F38-DFDE-4E68-A955-E55820146C0A}\144545438383 : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [FAStartup]
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\a7k73axp.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 399432]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-6-27 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 676936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-19 2348352]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-27 114144]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-8-10 14544]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-27 98208]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-27 13336]
.
=============== Created Last 30 ================
.
2012-09-15 20:30:40 -------- d-----w- C:\Users\Lenn\AppData\Local\{37FF920D-BA9D-4F9E-BB99-171C786E724B}
2012-09-15 06:02:36 -------- d-----w- C:\Program Files\Defraggler
2012-09-14 20:45:31 -------- d-----w- C:\Users\Lenn\AppData\Local\{F88A37B0-F173-4044-B30E-10E1F690C6F9}
2012-09-14 02:06:56 -------- d-----w- C:\Users\Lenn\AppData\Local\{025097C2-D0C0-43D4-9E39-DC9518B25C8B}
2012-09-13 13:16:20 -------- d-----w- C:\Users\Lenn\AppData\Local\{9AA3CAFD-C83D-4890-9710-D6E3E516E87F}
2012-09-12 19:51:20 -------- d-----w- C:\Users\Lenn\AppData\Local\{FFFD974A-E88F-43F6-AF6B-1B0666C848F0}
2012-09-11 21:33:02 -------- d-----w- C:\Users\Lenn\AppData\Local\{D90907BC-9001-4D04-8AF5-F46FF7982851}
2012-09-11 09:22:32 -------- d-----w- C:\Users\Lenn\AppData\Local\{F3E44B4A-84B9-4DC8-AC29-AB1302FBA00B}
2012-09-10 21:22:05 -------- d-----w- C:\Users\Lenn\AppData\Local\{6EA931FF-6DBC-40C9-810E-550F4A9789EF}
2012-09-10 21:02:43 -------- d-----w- C:\Users\Lenn\AppData\Local\{DD14847E-E9FC-4F2E-AE64-6934C4DE1C6B}
2012-09-10 20:16:23 -------- d-----w- C:\Users\Lenn\AppData\Local\{EFCFAC1B-BD22-4DC6-95C4-9DBE7557F40D}
2012-09-09 21:10:38 -------- d-----w- C:\Users\Lenn\AppData\Local\{52E24DC8-4504-4A37-89DC-5E956F223F33}
2012-09-09 00:42:05 -------- d-----w- C:\Users\Lenn\AppData\Local\{C1467C6F-E6EC-47BE-A4DC-F9507115E6FD}
2012-09-08 12:41:41 -------- d-----w- C:\Users\Lenn\AppData\Local\{F1A988FE-4B19-495F-AF2E-2CE4B7758C3D}
2012-09-07 22:48:09 -------- d-----w- C:\Users\Lenn\AppData\Local\{D996CCEA-896C-4437-ABB6-4775D69B0D4D}
2012-09-07 10:47:45 -------- d-----w- C:\Users\Lenn\AppData\Local\{BC3629A6-C3CB-459B-8CE1-D5FE5692DD1C}
2012-09-06 18:01:35 -------- d-----w- C:\Users\Lenn\AppData\Local\{8EF2D7F8-F7B7-4478-868E-46B8EE6D5142}
2012-09-06 00:29:18 -------- d-----w- C:\Users\Lenn\AppData\Local\{632CEB3F-823D-41CE-B0C1-3840D1BB2EB4}
2012-09-05 12:28:42 -------- d-----w- C:\Users\Lenn\AppData\Local\{13A46834-4454-4377-9064-6B6679FAD999}
2012-09-05 00:28:07 -------- d-----w- C:\Users\Lenn\AppData\Local\{E8A49033-E875-4BDD-A1FE-AB1987B8CE38}
2012-09-04 12:27:32 -------- d-----w- C:\Users\Lenn\AppData\Local\{4E4C9431-FC06-460A-BE10-9AF7B4829023}
2012-09-04 00:27:09 -------- d-----w- C:\Users\Lenn\AppData\Local\{27BE2B34-A34F-429F-BB85-7519C3C9B7E1}
2012-09-03 21:41:42 -------- d-----w- C:\Users\Lenn\AppData\Local\ElevatedDiagnostics
2012-09-03 21:27:05 -------- d-----w- C:\Users\Lenn\AppData\Local\{EBC6FD99-A77F-4B92-A94B-EDA886900154}
2012-09-02 23:37:51 -------- d-----w- C:\Users\Lenn\AppData\Local\{479DDC50-BDBC-4224-BC05-FCBFE3D050D7}
2012-09-02 11:37:16 -------- d-----w- C:\Users\Lenn\AppData\Local\{444DCA1A-36F3-4536-AE92-3A4E9E6D9CCD}
2012-09-01 23:36:37 -------- d-----w- C:\Users\Lenn\AppData\Local\{7EE78ECF-E081-48AF-B2FE-C67C34175B78}
2012-09-01 11:33:06 -------- d-----w- C:\Users\Lenn\AppData\Local\{02D3B01D-EF87-4D87-9A20-FFBC5EC9901F}
2012-08-31 23:32:31 -------- d-----w- C:\Users\Lenn\AppData\Local\{69205605-7CE2-4C6B-A3D6-793B0F22C699}
2012-08-31 11:32:07 -------- d-----w- C:\Users\Lenn\AppData\Local\{BA8747F5-7619-4CE7-88CB-87A1E337CB29}
2012-08-30 21:57:59 -------- d-----w- C:\Users\Lenn\AppData\Local\{057C2EFA-9176-4395-97A8-79211A4C1EE5}
2012-08-30 05:25:04 -------- d-----w- C:\Users\Lenn\AppData\Local\{708952C1-BD54-4CA6-8371-52A34B2B8B08}
2012-08-29 17:24:38 -------- d-----w- C:\Users\Lenn\AppData\Local\{7B709B33-AD3A-436B-8EB0-5F6D75291B83}
2012-08-28 20:36:45 -------- d-----w- C:\Users\Lenn\AppData\Local\{15A49562-9502-4B81-9210-6B1966BCD90F}
2012-08-27 23:01:22 -------- d-----w- C:\Users\Lenn\AppData\Local\{DF9A8459-E1F6-4E23-A2D7-0D04B9EC82BC}
2012-08-27 00:48:31 -------- d-----w- C:\Users\Lenn\AppData\Local\{1A235A89-B47D-44B5-BCC9-BBCA68990ACC}
2012-08-26 12:48:08 -------- d-----w- C:\Users\Lenn\AppData\Local\{6C842566-44C8-4CC7-A1A8-0C8B0C6AE9CC}
2012-08-25 22:20:36 -------- d-----w- C:\Users\Lenn\AppData\Local\{DFD2729B-20D1-48AE-A285-A884665A2414}
2012-08-25 10:20:12 -------- d-----w- C:\Users\Lenn\AppData\Local\{61C3CAF9-9ABA-4A2A-A1A9-80E1814D4F91}
2012-08-24 19:51:24 -------- d-----w- C:\Users\Lenn\AppData\Local\{064B64CC-E254-44E8-9519-D519A4F199A2}
2012-08-23 20:24:32 -------- d-----w- C:\Users\Lenn\AppData\Local\{37FD1604-F961-4D19-BFB3-2C6E960B1076}
2012-08-22 23:09:44 -------- d-----w- C:\Users\Lenn\AppData\Local\{D5A3B11D-9BEE-4A14-8065-B9EAD7936B18}
2012-08-22 11:09:19 -------- d-----w- C:\Users\Lenn\AppData\Local\{2F989BE3-96B5-472A-8CA2-9F9018F86269}
2012-08-21 20:30:54 -------- d-----w- C:\Users\Lenn\AppData\Local\{09D97020-CF10-46EE-9CDE-86AF9ECE284E}
2012-08-20 20:41:36 -------- d-----w- C:\Users\Lenn\AppData\Local\{18248254-B86B-43C1-ADE6-B1436B73B0D4}
2012-08-19 18:42:36 -------- d-----w- C:\Users\Lenn\AppData\Local\{CAECA3A3-FB2C-48CA-AC67-F6DCA2CB296B}
2012-08-19 01:39:16 -------- d-----w- C:\Users\Lenn\AppData\Local\{32EA0BA3-34EF-4B2F-9345-D02903B80BDD}
2012-08-18 13:33:46 -------- d-----w- C:\Users\Lenn\AppData\Local\{2019AA76-3ED7-4C0F-83CA-8BA0FC3F2A4D}
2012-08-18 13:33:35 -------- d-----w- C:\Users\Lenn\AppData\Local\{CD67ACAC-FAD6-4855-925A-9627E16EACF0}
2012-08-17 23:56:00 -------- d-----w- C:\Users\Lenn\AppData\Local\{790D0513-898A-4890-A111-8E2716643E13}
2012-08-17 23:55:49 -------- d-----w- C:\Users\Lenn\AppData\Local\{8B147CC2-95EC-48CB-9E99-232E285E7919}
2012-08-17 04:40:43 -------- d-----w- C:\Users\Lenn\AppData\Local\{F62CD546-F2DD-49B3-96A5-3C366A346B14}
2012-08-17 04:40:22 -------- d-----w- C:\Users\Lenn\AppData\Local\{E62D0155-A59E-4B62-852D-FE6004CC6ABB}
.
==================== Find3M ====================
.
2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 03:11:22 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 03:11:22 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-05 23:26:41 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
.
============= FINISH: 16:47:35.08 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 September 2012 - 09:10 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 emily m

emily m
  • Topic Starter

  • Members
  • 13 posts

Posted 15 September 2012 - 10:32 PM

here

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Lenn [Admin rights]
Mode : Scan -- Date : 09/15/2012 20:29:44

Bad processes : 0

Registry Entries : 16
[RUN][BLACKLIST DLL] HKCU\[...]\Run : Darksiders (rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Darksiders\puozlkmyj.dll",winampGetInModule2W) -> FOUND
[RUN][BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Darksiders (rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Darksiders\puozlkmyj.dll",winampGetInModule2W) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Chromium (rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Chromium\qmgwvku.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Adobe (rundll32.exe "C:\Users\Lenn\AppData\Local\assembly\Adobe\osqxp.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Darksiders (rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Darksiders\puozlkmyj.dll",winampGetInModule2W) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Chromium (rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Chromium\qmgwvku.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Adobe (rundll32.exe "C:\Users\Lenn\AppData\Local\assembly\Adobe\osqxp.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Darksiders (rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Darksiders\puozlkmyj.dll",winampGetInModule2W) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-21-1591494213-445130405-732833371-1002[...]\Run : Darksiders (rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Darksiders\puozlkmyj.dll",winampGetInModule2W) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Darksiders (rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Darksiders\puozlkmyj.dll",winampGetInModule2W) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

Infection :

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] 9125803a6fe090456d195db315c09c29
[BSP] 94df5162b901c62252896957cf6445a9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 21732 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 44589056 | Size: 283472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

# AdwCleaner v2.001 - Logfile created 09/15/2012 at 20:25:57
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Lenn - LENN-PC
# Boot Mode : Normal
# Running from : C:\Users\Lenn\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\a7k73axp.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1060 octets] - [15/09/2012 20:25:57]

########## EOF - C:\AdwCleaner[S1].txt - [1120 octets] ##########

Results of screen317's Security Check version 0.99.50
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 11.3.300.265 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 September 2012 - 10:56 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 emily m

emily m
  • Topic Starter

  • Members
  • 13 posts

Posted 16 September 2012 - 12:48 AM

Not to be a pest, but is there any alternative to ComboFix? Last time I was recommended to use it, it absolutely destroyed my computer, and I had to reinstall Windows 7 just to get it to work again.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 September 2012 - 07:31 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#7 emily m


Posted 16 September 2012 - 09:01 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03
Ran by SYSTEM at 16-09-2012 06:45:49
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [] [x]
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1362544 2010-08-13] ()
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKU\Lenn\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Chromium] rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Chromium\qmgwvku.dll",CreateInstance [x]
HKU\UpdatusUser\...\Run: [Adobe] rundll32.exe "C:\Users\Lenn\AppData\Local\assembly\Adobe\osqxp.dll",CreateInstance [x]
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe" [339168 2010-08-11] ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Lsa: [Notification Packages] scecli FAPassSync

==================== Services (Whitelisted) ===================

2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) =====================

0 johci; C:\Windows\System32\Drivers\johci.sys [24176 2010-04-16] (JMicron Technology Corp.)
3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-15 22:25 - 2012-09-15 22:26 - 00001189 ____A C:\AdwCleaner[S1].txt
2012-09-15 18:47 - 2012-09-15 18:48 - 00302592 ____A C:\Users\Lenn\Downloads\n3qzd32o.exe
2012-09-15 15:30 - 2012-09-15 15:30 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{37FF920D-BA9D-4F9E-BB99-171C786E724B}
2012-09-15 15:30 - 2012-09-15 15:30 - 00000000 ____D C:\Users\Lenn\Local Settings\{37FF920D-BA9D-4F9E-BB99-171C786E724B}
2012-09-15 15:30 - 2012-09-15 15:30 - 00000000 ____D C:\Users\Lenn\AppData\Local\{37FF920D-BA9D-4F9E-BB99-171C786E724B}
2012-09-15 02:20 - 2012-09-16 08:42 - 00001130 ____A C:\Windows\setupact.log
2012-09-15 02:20 - 2012-09-16 01:23 - 00002266 ____A C:\Windows\PFRO.log
2012-09-15 02:20 - 2012-09-15 02:20 - 00000000 ____A C:\Windows\setuperr.log
2012-09-15 01:20 - 2012-09-15 01:20 - 00229441 ____A C:\Users\Lenn\Downloads\nvidiaInspector.zip
2012-09-15 01:20 - 2012-09-15 01:20 - 00000000 ____D C:\Users\Lenn\Downloads\nvidiaInspector
2012-09-15 01:14 - 2011-12-20 12:15 - 01572672 ____A (Gamania Inc.) C:\Users\Lenn\My Documents\_BFUninstall.exe
2012-09-15 01:14 - 2011-12-20 12:15 - 01572672 ____A (Gamania Inc.) C:\Users\Lenn\Documents\_BFUninstall.exe
2012-09-15 01:02 - 2012-09-15 01:02 - 00000000 ____D C:\Program Files\Defraggler
2012-09-14 15:45 - 2012-09-14 15:45 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{F88A37B0-F173-4044-B30E-10E1F690C6F9}
2012-09-14 15:45 - 2012-09-14 15:45 - 00000000 ____D C:\Users\Lenn\Local Settings\{F88A37B0-F173-4044-B30E-10E1F690C6F9}
2012-09-14 15:45 - 2012-09-14 15:45 - 00000000 ____D C:\Users\Lenn\AppData\Local\{F88A37B0-F173-4044-B30E-10E1F690C6F9}
2012-09-14 02:25 - 2012-09-14 02:29 - 35559306 ____A C:\Users\Lenn\Downloads\starrandshannon.avi
2012-09-13 21:06 - 2012-09-13 21:07 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{025097C2-D0C0-43D4-9E39-DC9518B25C8B}
2012-09-13 21:06 - 2012-09-13 21:07 - 00000000 ____D C:\Users\Lenn\Local Settings\{025097C2-D0C0-43D4-9E39-DC9518B25C8B}
2012-09-13 21:06 - 2012-09-13 21:07 - 00000000 ____D C:\Users\Lenn\AppData\Local\{025097C2-D0C0-43D4-9E39-DC9518B25C8B}
2012-09-13 08:16 - 2012-09-13 08:16 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{9AA3CAFD-C83D-4890-9710-D6E3E516E87F}
2012-09-13 08:16 - 2012-09-13 08:16 - 00000000 ____D C:\Users\Lenn\Local Settings\{9AA3CAFD-C83D-4890-9710-D6E3E516E87F}
2012-09-13 08:16 - 2012-09-13 08:16 - 00000000 ____D C:\Users\Lenn\AppData\Local\{9AA3CAFD-C83D-4890-9710-D6E3E516E87F}
2012-09-12 14:51 - 2012-09-12 14:51 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{FFFD974A-E88F-43F6-AF6B-1B0666C848F0}
2012-09-12 14:51 - 2012-09-12 14:51 - 00000000 ____D C:\Users\Lenn\Local Settings\{FFFD974A-E88F-43F6-AF6B-1B0666C848F0}
2012-09-12 14:51 - 2012-09-12 14:51 - 00000000 ____D C:\Users\Lenn\AppData\Local\{FFFD974A-E88F-43F6-AF6B-1B0666C848F0}
2012-09-11 16:33 - 2012-09-11 16:33 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{D90907BC-9001-4D04-8AF5-F46FF7982851}
2012-09-11 16:33 - 2012-09-11 16:33 - 00000000 ____D C:\Users\Lenn\Local Settings\{D90907BC-9001-4D04-8AF5-F46FF7982851}
2012-09-11 16:33 - 2012-09-11 16:33 - 00000000 ____D C:\Users\Lenn\AppData\Local\{D90907BC-9001-4D04-8AF5-F46FF7982851}
2012-09-11 04:22 - 2012-09-11 04:22 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{F3E44B4A-84B9-4DC8-AC29-AB1302FBA00B}
2012-09-11 04:22 - 2012-09-11 04:22 - 00000000 ____D C:\Users\Lenn\Local Settings\{F3E44B4A-84B9-4DC8-AC29-AB1302FBA00B}
2012-09-11 04:22 - 2012-09-11 04:22 - 00000000 ____D C:\Users\Lenn\AppData\Local\{F3E44B4A-84B9-4DC8-AC29-AB1302FBA00B}
2012-09-10 18:53 - 2012-09-10 19:05 - 00065536 ____A C:\Users\Lenn\Downloads\Zelda - a Link to the Past.sav
2012-09-10 18:52 - 2012-09-10 18:52 - 03965190 ____A C:\Users\Lenn\Downloads\Zelda - a Link to the Past.zip
2012-09-10 18:52 - 2012-09-10 18:52 - 00000000 ____D C:\Users\Lenn\Downloads\VisualBoyAdvance-1.8.0-beta3
2012-09-10 18:50 - 2012-09-10 18:50 - 00659797 ____A C:\Users\Lenn\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2012-09-10 16:22 - 2012-09-10 16:22 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{6EA931FF-6DBC-40C9-810E-550F4A9789EF}
2012-09-10 16:22 - 2012-09-10 16:22 - 00000000 ____D C:\Users\Lenn\Local Settings\{6EA931FF-6DBC-40C9-810E-550F4A9789EF}
2012-09-10 16:22 - 2012-09-10 16:22 - 00000000 ____D C:\Users\Lenn\AppData\Local\{6EA931FF-6DBC-40C9-810E-550F4A9789EF}
2012-09-10 16:02 - 2012-09-10 16:02 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{DD14847E-E9FC-4F2E-AE64-6934C4DE1C6B}
2012-09-10 16:02 - 2012-09-10 16:02 - 00000000 ____D C:\Users\Lenn\Local Settings\{DD14847E-E9FC-4F2E-AE64-6934C4DE1C6B}
2012-09-10 16:02 - 2012-09-10 16:02 - 00000000 ____D C:\Users\Lenn\AppData\Local\{DD14847E-E9FC-4F2E-AE64-6934C4DE1C6B}
2012-09-10 15:16 - 2012-09-10 15:16 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{EFCFAC1B-BD22-4DC6-95C4-9DBE7557F40D}
2012-09-10 15:16 - 2012-09-10 15:16 - 00000000 ____D C:\Users\Lenn\Local Settings\{EFCFAC1B-BD22-4DC6-95C4-9DBE7557F40D}
2012-09-10 15:16 - 2012-09-10 15:16 - 00000000 ____D C:\Users\Lenn\AppData\Local\{EFCFAC1B-BD22-4DC6-95C4-9DBE7557F40D}
2012-09-10 10:23 - 2012-09-11 00:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-09 16:10 - 2012-09-09 16:10 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{52E24DC8-4504-4A37-89DC-5E956F223F33}
2012-09-09 16:10 - 2012-09-09 16:10 - 00000000 ____D C:\Users\Lenn\Local Settings\{52E24DC8-4504-4A37-89DC-5E956F223F33}
2012-09-09 16:10 - 2012-09-09 16:10 - 00000000 ____D C:\Users\Lenn\AppData\Local\{52E24DC8-4504-4A37-89DC-5E956F223F33}
2012-09-08 19:42 - 2012-09-08 19:42 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{C1467C6F-E6EC-47BE-A4DC-F9507115E6FD}
2012-09-08 19:42 - 2012-09-08 19:42 - 00000000 ____D C:\Users\Lenn\Local Settings\{C1467C6F-E6EC-47BE-A4DC-F9507115E6FD}
2012-09-08 19:42 - 2012-09-08 19:42 - 00000000 ____D C:\Users\Lenn\AppData\Local\{C1467C6F-E6EC-47BE-A4DC-F9507115E6FD}
2012-09-08 07:41 - 2012-09-08 07:41 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{F1A988FE-4B19-495F-AF2E-2CE4B7758C3D}
2012-09-08 07:41 - 2012-09-08 07:41 - 00000000 ____D C:\Users\Lenn\Local Settings\{F1A988FE-4B19-495F-AF2E-2CE4B7758C3D}
2012-09-08 07:41 - 2012-09-08 07:41 - 00000000 ____D C:\Users\Lenn\AppData\Local\{F1A988FE-4B19-495F-AF2E-2CE4B7758C3D}
2012-09-07 17:48 - 2012-09-07 17:48 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{D996CCEA-896C-4437-ABB6-4775D69B0D4D}
2012-09-07 17:48 - 2012-09-07 17:48 - 00000000 ____D C:\Users\Lenn\Local Settings\{D996CCEA-896C-4437-ABB6-4775D69B0D4D}
2012-09-07 17:48 - 2012-09-07 17:48 - 00000000 ____D C:\Users\Lenn\AppData\Local\{D996CCEA-896C-4437-ABB6-4775D69B0D4D}
2012-09-07 05:47 - 2012-09-07 05:47 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{BC3629A6-C3CB-459B-8CE1-D5FE5692DD1C}
2012-09-07 05:47 - 2012-09-07 05:47 - 00000000 ____D C:\Users\Lenn\Local Settings\{BC3629A6-C3CB-459B-8CE1-D5FE5692DD1C}
2012-09-07 05:47 - 2012-09-07 05:47 - 00000000 ____D C:\Users\Lenn\AppData\Local\{BC3629A6-C3CB-459B-8CE1-D5FE5692DD1C}
2012-09-06 13:01 - 2012-09-06 13:01 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{8EF2D7F8-F7B7-4478-868E-46B8EE6D5142}
2012-09-06 13:01 - 2012-09-06 13:01 - 00000000 ____D C:\Users\Lenn\Local Settings\{8EF2D7F8-F7B7-4478-868E-46B8EE6D5142}
2012-09-06 13:01 - 2012-09-06 13:01 - 00000000 ____D C:\Users\Lenn\AppData\Local\{8EF2D7F8-F7B7-4478-868E-46B8EE6D5142}
2012-09-05 19:29 - 2012-09-05 19:29 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{632CEB3F-823D-41CE-B0C1-3840D1BB2EB4}
2012-09-05 19:29 - 2012-09-05 19:29 - 00000000 ____D C:\Users\Lenn\Local Settings\{632CEB3F-823D-41CE-B0C1-3840D1BB2EB4}
2012-09-05 19:29 - 2012-09-05 19:29 - 00000000 ____D C:\Users\Lenn\AppData\Local\{632CEB3F-823D-41CE-B0C1-3840D1BB2EB4}
2012-09-05 07:28 - 2012-09-05 07:29 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{13A46834-4454-4377-9064-6B6679FAD999}
2012-09-05 07:28 - 2012-09-05 07:29 - 00000000 ____D C:\Users\Lenn\Local Settings\{13A46834-4454-4377-9064-6B6679FAD999}
2012-09-05 07:28 - 2012-09-05 07:29 - 00000000 ____D C:\Users\Lenn\AppData\Local\{13A46834-4454-4377-9064-6B6679FAD999}
2012-09-04 19:28 - 2012-09-04 19:28 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{E8A49033-E875-4BDD-A1FE-AB1987B8CE38}
2012-09-04 19:28 - 2012-09-04 19:28 - 00000000 ____D C:\Users\Lenn\Local Settings\{E8A49033-E875-4BDD-A1FE-AB1987B8CE38}
2012-09-04 19:28 - 2012-09-04 19:28 - 00000000 ____D C:\Users\Lenn\AppData\Local\{E8A49033-E875-4BDD-A1FE-AB1987B8CE38}
2012-09-04 07:27 - 2012-09-04 07:27 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{4E4C9431-FC06-460A-BE10-9AF7B4829023}
2012-09-04 07:27 - 2012-09-04 07:27 - 00000000 ____D C:\Users\Lenn\Local Settings\{4E4C9431-FC06-460A-BE10-9AF7B4829023}
2012-09-04 07:27 - 2012-09-04 07:27 - 00000000 ____D C:\Users\Lenn\AppData\Local\{4E4C9431-FC06-460A-BE10-9AF7B4829023}
2012-09-03 19:27 - 2012-09-03 19:27 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{27BE2B34-A34F-429F-BB85-7519C3C9B7E1}
2012-09-03 19:27 - 2012-09-03 19:27 - 00000000 ____D C:\Users\Lenn\Local Settings\{27BE2B34-A34F-429F-BB85-7519C3C9B7E1}
2012-09-03 19:27 - 2012-09-03 19:27 - 00000000 ____D C:\Users\Lenn\AppData\Local\{27BE2B34-A34F-429F-BB85-7519C3C9B7E1}
2012-09-03 16:27 - 2012-09-03 16:27 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{EBC6FD99-A77F-4B92-A94B-EDA886900154}
2012-09-03 16:27 - 2012-09-03 16:27 - 00000000 ____D C:\Users\Lenn\Local Settings\{EBC6FD99-A77F-4B92-A94B-EDA886900154}
2012-09-03 16:27 - 2012-09-03 16:27 - 00000000 ____D C:\Users\Lenn\AppData\Local\{EBC6FD99-A77F-4B92-A94B-EDA886900154}
2012-09-02 18:37 - 2012-09-02 18:38 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{479DDC50-BDBC-4224-BC05-FCBFE3D050D7}
2012-09-02 18:37 - 2012-09-02 18:38 - 00000000 ____D C:\Users\Lenn\Local Settings\{479DDC50-BDBC-4224-BC05-FCBFE3D050D7}
2012-09-02 18:37 - 2012-09-02 18:38 - 00000000 ____D C:\Users\Lenn\AppData\Local\{479DDC50-BDBC-4224-BC05-FCBFE3D050D7}
2012-09-02 06:37 - 2012-09-02 06:37 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{444DCA1A-36F3-4536-AE92-3A4E9E6D9CCD}
2012-09-02 06:37 - 2012-09-02 06:37 - 00000000 ____D C:\Users\Lenn\Local Settings\{444DCA1A-36F3-4536-AE92-3A4E9E6D9CCD}
2012-09-02 06:37 - 2012-09-02 06:37 - 00000000 ____D C:\Users\Lenn\AppData\Local\{444DCA1A-36F3-4536-AE92-3A4E9E6D9CCD}
2012-09-01 18:36 - 2012-09-01 18:36 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{7EE78ECF-E081-48AF-B2FE-C67C34175B78}
2012-09-01 18:36 - 2012-09-01 18:36 - 00000000 ____D C:\Users\Lenn\Local Settings\{7EE78ECF-E081-48AF-B2FE-C67C34175B78}
2012-09-01 18:36 - 2012-09-01 18:36 - 00000000 ____D C:\Users\Lenn\AppData\Local\{7EE78ECF-E081-48AF-B2FE-C67C34175B78}
2012-09-01 06:33 - 2012-09-01 06:33 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{02D3B01D-EF87-4D87-9A20-FFBC5EC9901F}
2012-09-01 06:33 - 2012-09-01 06:33 - 00000000 ____D C:\Users\Lenn\Local Settings\{02D3B01D-EF87-4D87-9A20-FFBC5EC9901F}
2012-09-01 06:33 - 2012-09-01 06:33 - 00000000 ____D C:\Users\Lenn\AppData\Local\{02D3B01D-EF87-4D87-9A20-FFBC5EC9901F}
2012-08-31 18:32 - 2012-08-31 18:32 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{69205605-7CE2-4C6B-A3D6-793B0F22C699}
2012-08-31 18:32 - 2012-08-31 18:32 - 00000000 ____D C:\Users\Lenn\Local Settings\{69205605-7CE2-4C6B-A3D6-793B0F22C699}
2012-08-31 18:32 - 2012-08-31 18:32 - 00000000 ____D C:\Users\Lenn\AppData\Local\{69205605-7CE2-4C6B-A3D6-793B0F22C699}
2012-08-31 06:32 - 2012-08-31 06:32 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{BA8747F5-7619-4CE7-88CB-87A1E337CB29}
2012-08-31 06:32 - 2012-08-31 06:32 - 00000000 ____D C:\Users\Lenn\Local Settings\{BA8747F5-7619-4CE7-88CB-87A1E337CB29}
2012-08-31 06:32 - 2012-08-31 06:32 - 00000000 ____D C:\Users\Lenn\AppData\Local\{BA8747F5-7619-4CE7-88CB-87A1E337CB29}
2012-08-30 16:57 - 2012-08-30 16:58 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{057C2EFA-9176-4395-97A8-79211A4C1EE5}
2012-08-30 16:57 - 2012-08-30 16:58 - 00000000 ____D C:\Users\Lenn\Local Settings\{057C2EFA-9176-4395-97A8-79211A4C1EE5}
2012-08-30 16:57 - 2012-08-30 16:58 - 00000000 ____D C:\Users\Lenn\AppData\Local\{057C2EFA-9176-4395-97A8-79211A4C1EE5}
2012-08-30 00:25 - 2012-08-30 00:25 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{708952C1-BD54-4CA6-8371-52A34B2B8B08}
2012-08-30 00:25 - 2012-08-30 00:25 - 00000000 ____D C:\Users\Lenn\Local Settings\{708952C1-BD54-4CA6-8371-52A34B2B8B08}
2012-08-30 00:25 - 2012-08-30 00:25 - 00000000 ____D C:\Users\Lenn\AppData\Local\{708952C1-BD54-4CA6-8371-52A34B2B8B08}
2012-08-29 12:24 - 2012-08-29 12:24 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{7B709B33-AD3A-436B-8EB0-5F6D75291B83}
2012-08-29 12:24 - 2012-08-29 12:24 - 00000000 ____D C:\Users\Lenn\Local Settings\{7B709B33-AD3A-436B-8EB0-5F6D75291B83}
2012-08-29 12:24 - 2012-08-29 12:24 - 00000000 ____D C:\Users\Lenn\AppData\Local\{7B709B33-AD3A-436B-8EB0-5F6D75291B83}
2012-08-28 15:36 - 2012-08-28 15:36 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{15A49562-9502-4B81-9210-6B1966BCD90F}
2012-08-28 15:36 - 2012-08-28 15:36 - 00000000 ____D C:\Users\Lenn\Local Settings\{15A49562-9502-4B81-9210-6B1966BCD90F}
2012-08-28 15:36 - 2012-08-28 15:36 - 00000000 ____D C:\Users\Lenn\AppData\Local\{15A49562-9502-4B81-9210-6B1966BCD90F}
2012-08-27 18:01 - 2012-08-27 18:01 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{DF9A8459-E1F6-4E23-A2D7-0D04B9EC82BC}
2012-08-27 18:01 - 2012-08-27 18:01 - 00000000 ____D C:\Users\Lenn\Local Settings\{DF9A8459-E1F6-4E23-A2D7-0D04B9EC82BC}
2012-08-27 18:01 - 2012-08-27 18:01 - 00000000 ____D C:\Users\Lenn\AppData\Local\{DF9A8459-E1F6-4E23-A2D7-0D04B9EC82BC}
2012-08-27 04:33 - 2012-08-27 04:33 - 00000000 ____D C:\Users\Lenn\Downloads\Full_Fansite_Kit
2012-08-26 19:48 - 2012-08-26 19:48 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{1A235A89-B47D-44B5-BCC9-BBCA68990ACC}
2012-08-26 19:48 - 2012-08-26 19:48 - 00000000 ____D C:\Users\Lenn\Local Settings\{1A235A89-B47D-44B5-BCC9-BBCA68990ACC}
2012-08-26 19:48 - 2012-08-26 19:48 - 00000000 ____D C:\Users\Lenn\AppData\Local\{1A235A89-B47D-44B5-BCC9-BBCA68990ACC}
2012-08-26 07:48 - 2012-08-26 07:48 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{6C842566-44C8-4CC7-A1A8-0C8B0C6AE9CC}
2012-08-26 07:48 - 2012-08-26 07:48 - 00000000 ____D C:\Users\Lenn\Local Settings\{6C842566-44C8-4CC7-A1A8-0C8B0C6AE9CC}
2012-08-26 07:48 - 2012-08-26 07:48 - 00000000 ____D C:\Users\Lenn\AppData\Local\{6C842566-44C8-4CC7-A1A8-0C8B0C6AE9CC}
2012-08-25 17:20 - 2012-08-25 17:20 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{DFD2729B-20D1-48AE-A285-A884665A2414}
2012-08-25 17:20 - 2012-08-25 17:20 - 00000000 ____D C:\Users\Lenn\Local Settings\{DFD2729B-20D1-48AE-A285-A884665A2414}
2012-08-25 17:20 - 2012-08-25 17:20 - 00000000 ____D C:\Users\Lenn\AppData\Local\{DFD2729B-20D1-48AE-A285-A884665A2414}
2012-08-25 05:20 - 2012-08-25 05:20 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{61C3CAF9-9ABA-4A2A-A1A9-80E1814D4F91}
2012-08-25 05:20 - 2012-08-25 05:20 - 00000000 ____D C:\Users\Lenn\Local Settings\{61C3CAF9-9ABA-4A2A-A1A9-80E1814D4F91}
2012-08-25 05:20 - 2012-08-25 05:20 - 00000000 ____D C:\Users\Lenn\AppData\Local\{61C3CAF9-9ABA-4A2A-A1A9-80E1814D4F91}
2012-08-24 14:51 - 2012-08-24 14:51 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{064B64CC-E254-44E8-9519-D519A4F199A2}
2012-08-24 14:51 - 2012-08-24 14:51 - 00000000 ____D C:\Users\Lenn\Local Settings\{064B64CC-E254-44E8-9519-D519A4F199A2}
2012-08-24 14:51 - 2012-08-24 14:51 - 00000000 ____D C:\Users\Lenn\AppData\Local\{064B64CC-E254-44E8-9519-D519A4F199A2}
2012-08-23 15:24 - 2012-08-23 15:24 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{37FD1604-F961-4D19-BFB3-2C6E960B1076}
2012-08-23 15:24 - 2012-08-23 15:24 - 00000000 ____D C:\Users\Lenn\Local Settings\{37FD1604-F961-4D19-BFB3-2C6E960B1076}
2012-08-23 15:24 - 2012-08-23 15:24 - 00000000 ____D C:\Users\Lenn\AppData\Local\{37FD1604-F961-4D19-BFB3-2C6E960B1076}
2012-08-22 18:09 - 2012-08-22 18:10 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{D5A3B11D-9BEE-4A14-8065-B9EAD7936B18}
2012-08-22 18:09 - 2012-08-22 18:10 - 00000000 ____D C:\Users\Lenn\Local Settings\{D5A3B11D-9BEE-4A14-8065-B9EAD7936B18}
2012-08-22 18:09 - 2012-08-22 18:10 - 00000000 ____D C:\Users\Lenn\AppData\Local\{D5A3B11D-9BEE-4A14-8065-B9EAD7936B18}
2012-08-22 06:09 - 2012-08-22 06:09 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{2F989BE3-96B5-472A-8CA2-9F9018F86269}
2012-08-22 06:09 - 2012-08-22 06:09 - 00000000 ____D C:\Users\Lenn\Local Settings\{2F989BE3-96B5-472A-8CA2-9F9018F86269}
2012-08-22 06:09 - 2012-08-22 06:09 - 00000000 ____D C:\Users\Lenn\AppData\Local\{2F989BE3-96B5-472A-8CA2-9F9018F86269}
2012-08-21 15:30 - 2012-08-21 15:31 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{09D97020-CF10-46EE-9CDE-86AF9ECE284E}
2012-08-21 15:30 - 2012-08-21 15:31 - 00000000 ____D C:\Users\Lenn\Local Settings\{09D97020-CF10-46EE-9CDE-86AF9ECE284E}
2012-08-21 15:30 - 2012-08-21 15:31 - 00000000 ____D C:\Users\Lenn\AppData\Local\{09D97020-CF10-46EE-9CDE-86AF9ECE284E}
2012-08-20 15:41 - 2012-08-20 15:41 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{18248254-B86B-43C1-ADE6-B1436B73B0D4}
2012-08-20 15:41 - 2012-08-20 15:41 - 00000000 ____D C:\Users\Lenn\Local Settings\{18248254-B86B-43C1-ADE6-B1436B73B0D4}
2012-08-20 15:41 - 2012-08-20 15:41 - 00000000 ____D C:\Users\Lenn\AppData\Local\{18248254-B86B-43C1-ADE6-B1436B73B0D4}
2012-08-19 13:42 - 2012-08-19 13:42 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{CAECA3A3-FB2C-48CA-AC67-F6DCA2CB296B}
2012-08-19 13:42 - 2012-08-19 13:42 - 00000000 ____D C:\Users\Lenn\Local Settings\{CAECA3A3-FB2C-48CA-AC67-F6DCA2CB296B}
2012-08-19 13:42 - 2012-08-19 13:42 - 00000000 ____D C:\Users\Lenn\AppData\Local\{CAECA3A3-FB2C-48CA-AC67-F6DCA2CB296B}
2012-08-18 22:35 - 2012-08-18 22:35 - 00509923 ____A C:\Users\Lenn\Downloads\IMG_0843.MOV
2012-08-18 20:39 - 2012-08-18 20:39 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{32EA0BA3-34EF-4B2F-9345-D02903B80BDD}
2012-08-18 20:39 - 2012-08-18 20:39 - 00000000 ____D C:\Users\Lenn\Local Settings\{32EA0BA3-34EF-4B2F-9345-D02903B80BDD}
2012-08-18 20:39 - 2012-08-18 20:39 - 00000000 ____D C:\Users\Lenn\AppData\Local\{32EA0BA3-34EF-4B2F-9345-D02903B80BDD}
2012-08-18 08:33 - 2012-08-18 08:33 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{CD67ACAC-FAD6-4855-925A-9627E16EACF0}
2012-08-18 08:33 - 2012-08-18 08:33 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{2019AA76-3ED7-4C0F-83CA-8BA0FC3F2A4D}
2012-08-18 08:33 - 2012-08-18 08:33 - 00000000 ____D C:\Users\Lenn\Local Settings\{CD67ACAC-FAD6-4855-925A-9627E16EACF0}
2012-08-18 08:33 - 2012-08-18 08:33 - 00000000 ____D C:\Users\Lenn\Local Settings\{2019AA76-3ED7-4C0F-83CA-8BA0FC3F2A4D}
2012-08-18 08:33 - 2012-08-18 08:33 - 00000000 ____D C:\Users\Lenn\AppData\Local\{CD67ACAC-FAD6-4855-925A-9627E16EACF0}
2012-08-18 08:33 - 2012-08-18 08:33 - 00000000 ____D C:\Users\Lenn\AppData\Local\{2019AA76-3ED7-4C0F-83CA-8BA0FC3F2A4D}
2012-08-17 18:56 - 2012-08-17 18:56 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{790D0513-898A-4890-A111-8E2716643E13}
2012-08-17 18:56 - 2012-08-17 18:56 - 00000000 ____D C:\Users\Lenn\Local Settings\{790D0513-898A-4890-A111-8E2716643E13}
2012-08-17 18:56 - 2012-08-17 18:56 - 00000000 ____D C:\Users\Lenn\AppData\Local\{790D0513-898A-4890-A111-8E2716643E13}
2012-08-17 18:55 - 2012-08-17 18:55 - 00000000 ____D C:\Users\Lenn\Local Settings\Application Data\{8B147CC2-95EC-48CB-9E99-232E285E7919}
2012-08-17 18:55 - 2012-08-17 18:55 - 00000000 ____D C:\Users\Lenn\Local Settings\{8B147CC2-95EC-48CB-9E99-232E285E7919}
2012-08-17 18:55 - 2012-08-17 18:55 - 00000000 ____D C:\Users\Lenn\AppData\Local\{8B147CC2-95EC-48CB-9E99-232E285E7919}


==================== 3 Months Modified Files ==================

2012-09-16 08:42 - 2012-09-15 02:20 - 00001130 ____A C:\Windows\setupact.log
2012-09-16 08:42 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-16 08:40 - 2009-07-14 00:10 - 01845438 ____A C:\Windows\WindowsUpdate.log
2012-09-16 08:39 - 2009-07-14 00:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-16 01:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-16 01:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-16 01:23 - 2012-09-15 02:20 - 00002266 ____A C:\Windows\PFRO.log
2012-09-15 22:26 - 2012-09-15 22:25 - 00001189 ____A C:\AdwCleaner[S1].txt
2012-09-15 18:48 - 2012-09-15 18:47 - 00302592 ____A C:\Users\Lenn\Downloads\n3qzd32o.exe
2012-09-15 02:20 - 2012-09-15 02:20 - 00000000 ____A C:\Windows\setuperr.log
2012-09-15 01:20 - 2012-09-15 01:20 - 00229441 ____A C:\Users\Lenn\Downloads\nvidiaInspector.zip
2012-09-14 03:54 - 2012-07-22 23:43 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 03:54 - 2012-07-22 23:43 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 02:29 - 2012-09-14 02:25 - 35559306 ____A C:\Users\Lenn\Downloads\starrandshannon.avi
2012-09-10 19:05 - 2012-09-10 18:53 - 00065536 ____A C:\Users\Lenn\Downloads\Zelda - a Link to the Past.sav
2012-09-10 18:52 - 2012-09-10 18:52 - 03965190 ____A C:\Users\Lenn\Downloads\Zelda - a Link to the Past.zip
2012-09-10 18:50 - 2012-09-10 18:50 - 00659797 ____A C:\Users\Lenn\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2012-09-07 19:04 - 2012-07-22 23:43 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-05 06:11 - 2009-07-14 00:08 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-23 22:11 - 2012-07-20 13:35 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-23 22:11 - 2012-07-20 13:35 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-18 22:35 - 2012-08-18 22:35 - 00509923 ____A C:\Users\Lenn\Downloads\IMG_0843.MOV
2012-08-13 19:21 - 2012-08-13 19:21 - 00002398 ____A C:\1.xml
2012-08-13 18:54 - 2012-08-13 18:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-08-11 06:37 - 2012-08-11 06:37 - 00001169 ____A C:\Users\Lenn\Desktop\Diablo III.lnk
2012-08-10 17:52 - 2012-08-10 17:52 - 04359432 ____A (IObit ) C:\Users\Lenn\Downloads\gamebooster.exe
2012-08-10 17:52 - 2012-08-10 17:52 - 00001144 ____A C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
2012-08-10 17:52 - 2012-08-10 17:52 - 00001144 ____A C:\Users\All Users\Desktop\Switch to Gaming Mode.lnk
2012-08-10 17:52 - 2012-08-10 17:52 - 00001132 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
2012-08-10 17:52 - 2012-08-10 17:52 - 00001132 ____A C:\Users\All Users\Desktop\Game Booster 3.lnk
2012-08-07 23:39 - 2012-08-07 23:39 - 06523640 ____A (Macrovision Corporation) C:\Users\Lenn\Downloads\NCsoftLauncherSetup.exe
2012-08-07 05:01 - 2012-08-07 05:01 - 00000011 ____A C:\Users\Lenn\My Documents\edge knife sharpener.txt
2012-08-07 05:01 - 2012-08-07 05:01 - 00000011 ____A C:\Users\Lenn\Documents\edge knife sharpener.txt
2012-08-05 20:09 - 2012-08-05 20:09 - 00001176 ____A C:\Users\UpdatusUser\Desktop\Perfect World International.lnk
2012-08-05 18:26 - 2012-08-05 19:48 - 00258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-07-29 19:29 - 2012-07-19 10:41 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-29 19:29 - 2012-07-19 10:41 - 00000868 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-07-29 19:29 - 2011-06-27 12:25 - 00001887 ____A C:\Users\Public\Desktop\Alienware Command Center.lnk
2012-07-29 19:29 - 2011-06-27 12:25 - 00001887 ____A C:\Users\All Users\Desktop\Alienware Command Center.lnk
2012-07-27 15:57 - 2012-07-27 15:57 - 00001092 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-27 15:57 - 2012-07-27 15:57 - 00001092 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-07-23 23:48 - 2012-07-23 23:48 - 00004096 ____A C:\Windows\d3dx.dat
2012-07-23 22:23 - 2012-07-23 22:23 - 00000221 ____A C:\Users\Lenn\Desktop\FINAL FANTASY XI Ultimate Collection - Abyssea Edition.url
2012-07-23 22:23 - 2011-06-27 12:40 - 00000951 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-23 22:23 - 2011-06-27 12:40 - 00000951 ____A C:\Users\All Users\Desktop\Steam.lnk
2012-07-22 23:49 - 2012-07-22 23:49 - 00245324 ____A C:\Users\Lenn\Downloads\gpupeopsopengl178.zip
2012-07-22 23:39 - 2012-07-22 23:39 - 00529265 ____A C:\Users\Lenn\Downloads\epsxe170.zip
2012-07-22 23:14 - 2012-07-22 23:14 - 00024150 ____A C:\Users\Lenn\Downloads\ecm100.zip
2012-07-22 13:51 - 2012-07-22 13:51 - 00001718 ____A C:\Users\Lenn\Desktop\FFXIVWindower launcher - Shortcut.lnk
2012-07-22 00:50 - 2012-07-22 00:50 - 00450446 ____A C:\Users\Lenn\Downloads\FFEVO FFXIV Windower Installer.rar
2012-07-21 10:51 - 2012-07-21 10:51 - 00000126 ____A C:\Users\Lenn\My Documents\dsdfd.txt
2012-07-21 10:51 - 2012-07-21 10:51 - 00000126 ____A C:\Users\Lenn\Documents\dsdfd.txt
2012-07-21 08:33 - 2009-07-13 23:45 - 00275080 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-21 01:12 - 2012-07-21 01:12 - 00749599 ____A C:\Users\Lenn\Downloads\JoyToKey_en.zip
2012-07-21 01:12 - 2012-07-21 01:12 - 00463080 ____A (CNET Download.com) C:\Users\Lenn\Downloads\cnet2_JoyToKey_en_zip.exe
2012-07-20 13:25 - 2012-07-20 13:25 - 01300920 ____A C:\Users\Lenn\Downloads\Mega Man X 3.zip
2012-07-20 13:22 - 2012-07-20 13:22 - 00867785 ____A C:\Users\Lenn\Downloads\zsnesw151.zip
2012-07-20 13:20 - 2012-07-20 13:20 - 00140408 ____A C:\Users\Lenn\Downloads\Landstalker - The Treasures of King Nole (U) [!].gs0
2012-07-20 13:20 - 2012-07-20 13:20 - 00002470 ____A C:\Users\Lenn\Downloads\Gens.cfg
2012-07-20 13:20 - 2012-07-20 13:20 - 00000064 ____A C:\Users\Lenn\Downloads\Landstalker - The Treasures of King Nole (U) [!].srm
2012-07-20 13:14 - 2012-07-20 13:14 - 00000040 ____A C:\Users\Lenn\Downloads\language.dat
2012-07-20 13:14 - 2012-07-20 13:13 - 01407661 ____A C:\Users\Lenn\Downloads\Landstalker - The Treasures of King Nole (U) [!].zip
2012-07-20 13:13 - 2012-07-20 13:13 - 00586839 ____A C:\Users\Lenn\Downloads\gens-win32-bin-2.14.zip
2012-07-20 12:36 - 2012-07-20 12:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-07-20 12:36 - 2012-07-20 12:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-07-20 12:32 - 2012-07-20 12:32 - 04117346 ____A C:\Users\Lenn\Downloads\MotioninJoy_071001_signed.zip
2012-07-20 11:38 - 2012-07-20 11:38 - 00001015 ____A C:\Users\Public\Desktop\GameStop App.lnk
2012-07-20 11:38 - 2012-07-20 11:38 - 00001015 ____A C:\Users\All Users\Desktop\GameStop App.lnk
2012-07-19 15:42 - 2012-07-19 15:42 - 00001027 ____A C:\Users\Lenn\Desktop\lol.launcher.admin - Shortcut.lnk
2012-07-19 11:59 - 2012-07-19 11:59 - 00001039 ____A C:\Users\Public\Desktop\ManyCam.lnk
2012-07-19 11:59 - 2012-07-19 11:59 - 00001039 ____A C:\Users\All Users\Desktop\ManyCam.lnk
2012-07-19 11:06 - 2012-07-19 09:03 - 00000058 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2012-07-19 09:11 - 2012-07-19 09:11 - 00001662 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
2012-07-19 09:11 - 2012-07-19 09:11 - 00001662 ____A C:\Users\All Users\Desktop\TERA-Launcher.lnk
2012-07-19 09:03 - 2012-07-19 09:03 - 00057952 ____A C:\Users\Lenn\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-19 09:03 - 2012-07-19 09:03 - 00057952 ____A C:\Users\Lenn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-07-19 09:03 - 2012-07-19 09:03 - 00057952 ____A C:\Users\Lenn\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-19 09:03 - 2012-07-19 09:03 - 00001057 ____A C:\Windows\System32\SENT.log
2012-07-19 09:03 - 2012-07-19 09:03 - 00000654 ____A C:\Windows\System32\RECV.log
2012-07-19 09:03 - 2012-07-19 09:00 - 00011185 ____A C:\Windows\System32\TEST.log
2012-07-19 08:59 - 2012-07-19 08:59 - 00000020 ___SH C:\Users\Lenn\ntuser.ini


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-24 01:05:27
Restore point made on: 2012-09-02 21:18:41
Restore point made on: 2012-09-15 01:08:20
Restore point made on: 2012-09-15 01:16:01

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3893.86 MB
Available physical RAM: 3322.93 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3316.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:276.83 GB) (Free:152.2 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:21.22 GB) (Free:12.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Removable) (Total:7.21 GB) (Free:0 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7385 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 21 GB 40 MB
Partition 3 Primary 276 GB 21 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 D RECOVERY NTFS Partition 21 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 276 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7385 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-09-08 19:28

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 15-09-2012 03
Ran by SYSTEM at 2012-09-16 06:53:06
Running from E:\

================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\WINDOWS\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#8 gringo_pr


Posted 16 September 2012 - 09:31 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt


HKU\UpdatusUser\...\Run: [Chromium] rundll32.exe "C:\Users\Lenn\AppData\Local\Macromedia\Chromium\qmgwvku.dll",CreateInstance [x]
HKU\UpdatusUser\...\Run: [Adobe] rundll32.exe "C:\Users\Lenn\AppData\Local\assembly\Adobe\osqxp.dll",CreateInstance [x]
C:\Users\Lenn\AppData\Local\Macromedia\Chromium\qmgwvku.dll
C:\Users\Lenn\AppData\Local\assembly\Adobe\osqxp.dll


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 emily m


Posted 16 September 2012 - 03:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-09-2012 03
Ran by SYSTEM at 2012-09-16 13:52:30 Run:1
Running from E:\

==============================================

HKEY_USERS\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium Value deleted successfully.
HKEY_USERS\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Value deleted successfully.
C:\Users\Lenn\AppData\Local\Macromedia\Chromium\qmgwvku.dll not found.
C:\Users\Lenn\AppData\Local\assembly\Adobe\osqxp.dll not found.

==== End of Fixlog ====

#10 gringo_pr


Posted 16 September 2012 - 05:17 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 emily m


Posted 16 September 2012 - 06:31 PM

16:05:35.0532 3752 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:05:36.0044 3752 ============================================================
16:05:36.0044 3752 Current date / time: 2012/09/16 16:05:36.0044
16:05:36.0044 3752 SystemInfo:
16:05:36.0044 3752
16:05:36.0044 3752 OS Version: 6.1.7600 ServicePack: 0.0
16:05:36.0044 3752 Product type: Workstation
16:05:36.0045 3752 ComputerName: LENN-PC
16:05:36.0045 3752 UserName: Lenn
16:05:36.0045 3752 Windows directory: C:\Windows
16:05:36.0045 3752 System windows directory: C:\Windows
16:05:36.0045 3752 Running under WOW64
16:05:36.0045 3752 Processor architecture: Intel x64
16:05:36.0045 3752 Number of processors: 4
16:05:36.0045 3752 Page size: 0x1000
16:05:36.0045 3752 Boot type: Normal boot
16:05:36.0045 3752 ============================================================
16:05:37.0229 3752 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:05:37.0282 3752 ============================================================
16:05:37.0282 3752 \Device\Harddisk0\DR0:
16:05:37.0282 3752 MBR partitions:
16:05:37.0282 3752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2A72000
16:05:37.0282 3752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2A86000, BlocksNum 0x229A8000
16:05:37.0282 3752 ============================================================
16:05:37.0324 3752 C: <-> \Device\Harddisk0\DR0\Partition2
16:05:37.0325 3752 ============================================================
16:05:37.0325 3752 Initialize success
16:05:37.0325 3752 ============================================================
16:06:24.0611 4704 ============================================================
16:06:24.0611 4704 Scan started
16:06:24.0611 4704 Mode: Manual;
16:06:24.0611 4704 ============================================================
16:06:28.0375 4704 ================ Scan system memory ========================
16:06:28.0375 4704 System memory - ok
16:06:28.0376 4704 ================ Scan services =============================
16:06:36.0716 4704 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:06:36.0737 4704 megasas - ok
16:06:36.0770 4704 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:06:36.0777 4704 MegaSR - ok
16:06:36.0798 4704 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:06:36.0803 4704 MMCSS - ok
16:06:36.0811 4704 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:06:36.0832 4704 Modem - ok
16:06:36.0867 4704 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:06:36.0871 4704 monitor - ok
16:06:36.0898 4704 [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
16:06:36.0902 4704 MotioninJoyXFilter - ok
16:06:36.0918 4704 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:06:36.0920 4704 mouclass - ok
16:06:36.0935 4704 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:06:36.0938 4704 mouhid - ok
16:06:36.0948 4704 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:06:36.0951 4704 mountmgr - ok
16:06:37.0007 4704 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:06:37.0011 4704 MozillaMaintenance - ok
16:06:37.0034 4704 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
16:06:37.0039 4704 mpio - ok
16:06:37.0060 4704 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:06:37.0064 4704 mpsdrv - ok
16:06:37.0092 4704 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:06:37.0118 4704 MpsSvc - ok
16:06:37.0130 4704 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:06:37.0134 4704 MRxDAV - ok
16:06:37.0162 4704 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:06:37.0167 4704 mrxsmb - ok
16:06:37.0187 4704 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:06:37.0194 4704 mrxsmb10 - ok
16:06:37.0215 4704 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:06:37.0220 4704 mrxsmb20 - ok
16:06:37.0229 4704 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
16:06:37.0231 4704 msahci - ok
16:06:37.0254 4704 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
16:06:37.0259 4704 msdsm - ok
16:06:37.0275 4704 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:06:37.0281 4704 MSDTC - ok
16:06:37.0297 4704 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:06:37.0299 4704 Msfs - ok
16:06:37.0308 4704 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:06:37.0310 4704 mshidkmdf - ok
16:06:37.0320 4704 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
16:06:37.0322 4704 msisadrv - ok
16:06:37.0361 4704 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:06:37.0367 4704 MSiSCSI - ok
16:06:37.0378 4704 msiserver - ok
16:06:37.0399 4704 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:06:37.0412 4704 MSKSSRV - ok
16:06:37.0446 4704 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:06:37.0449 4704 MSPCLOCK - ok
16:06:37.0461 4704 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:06:37.0463 4704 MSPQM - ok
16:06:37.0489 4704 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:06:37.0497 4704 MsRPC - ok
16:06:37.0509 4704 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:06:37.0512 4704 mssmbios - ok
16:06:37.0557 4704 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:06:37.0559 4704 MSTEE - ok
16:06:37.0567 4704 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:06:37.0569 4704 MTConfig - ok
16:06:37.0577 4704 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:06:37.0580 4704 Mup - ok
16:06:37.0624 4704 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
16:06:37.0645 4704 napagent - ok
16:06:37.0688 4704 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:06:37.0695 4704 NativeWifiP - ok
16:06:37.0728 4704 [ A3151B3463EEA7E47F618F115D0D142E ] NDIS C:\Windows\system32\drivers\ndis.sys
16:06:37.0753 4704 NDIS - ok
16:06:37.0776 4704 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:06:37.0779 4704 NdisCap - ok
16:06:37.0793 4704 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:06:37.0796 4704 NdisTapi - ok
16:06:37.0804 4704 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:06:37.0807 4704 Ndisuio - ok
16:06:37.0818 4704 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:06:37.0822 4704 NdisWan - ok
16:06:37.0832 4704 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:06:37.0834 4704 NDProxy - ok
16:06:37.0843 4704 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:06:37.0846 4704 NetBIOS - ok
16:06:37.0858 4704 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:06:37.0864 4704 NetBT - ok
16:06:37.0892 4704 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
16:06:37.0895 4704 Netlogon - ok
16:06:37.0920 4704 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:06:37.0930 4704 Netman - ok
16:06:37.0957 4704 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:06:37.0977 4704 netprofm - ok
16:06:38.0006 4704 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:06:38.0010 4704 NetTcpPortSharing - ok
16:06:38.0028 4704 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:06:38.0032 4704 nfrd960 - ok
16:06:38.0062 4704 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:06:38.0071 4704 NlaSvc - ok
16:06:38.0081 4704 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:06:38.0083 4704 Npfs - ok
16:06:38.0110 4704 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:06:38.0115 4704 nsi - ok
16:06:38.0121 4704 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:06:38.0123 4704 nsiproxy - ok
16:06:38.0183 4704 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:06:38.0226 4704 Ntfs - ok
16:06:38.0242 4704 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:06:38.0245 4704 Null - ok
16:06:38.0610 4704 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:06:38.0915 4704 nvlddmkm - ok
16:06:38.0960 4704 [ 3629B8C7257C6231A3CFB44359C68B1D ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
16:06:38.0963 4704 nvpciflt - ok
16:06:38.0994 4704 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:06:38.0999 4704 nvraid - ok
16:06:39.0046 4704 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:06:39.0051 4704 nvstor - ok
16:06:39.0108 4704 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:06:39.0136 4704 nvsvc - ok
16:06:39.0250 4704 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:06:39.0310 4704 nvUpdatusService - ok
16:06:39.0331 4704 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
16:06:39.0335 4704 nv_agp - ok
16:06:39.0353 4704 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:06:39.0357 4704 ohci1394 - ok
16:06:39.0379 4704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:06:39.0397 4704 p2pimsvc - ok
16:06:39.0418 4704 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:06:39.0435 4704 p2psvc - ok
16:06:39.0456 4704 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:06:39.0461 4704 Parport - ok
16:06:39.0491 4704 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:06:39.0494 4704 partmgr - ok
16:06:39.0504 4704 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:06:39.0510 4704 PcaSvc - ok
16:06:39.0556 4704 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
16:06:39.0561 4704 pci - ok
16:06:39.0578 4704 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:06:39.0580 4704 pciide - ok
16:06:39.0602 4704 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:06:39.0608 4704 pcmcia - ok
16:06:39.0616 4704 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:06:39.0619 4704 pcw - ok
16:06:39.0649 4704 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:06:39.0670 4704 PEAUTH - ok
16:06:39.0737 4704 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:06:39.0741 4704 PerfHost - ok
16:06:39.0798 4704 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
16:06:39.0840 4704 pla - ok
16:06:39.0876 4704 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:06:39.0894 4704 PlugPlay - ok
16:06:39.0913 4704 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:06:39.0919 4704 PNRPAutoReg - ok
16:06:39.0939 4704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:06:39.0945 4704 PNRPsvc - ok
16:06:39.0980 4704 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:06:40.0000 4704 PolicyAgent - ok
16:06:40.0033 4704 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:06:40.0040 4704 Power - ok
16:06:40.0055 4704 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:06:40.0059 4704 PptpMiniport - ok
16:06:40.0077 4704 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:06:40.0080 4704 Processor - ok
16:06:40.0106 4704 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
16:06:40.0113 4704 ProfSvc - ok
16:06:40.0128 4704 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:06:40.0131 4704 ProtectedStorage - ok
16:06:40.0148 4704 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:06:40.0152 4704 Psched - ok
16:06:40.0207 4704 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:06:40.0252 4704 ql2300 - ok
16:06:40.0261 4704 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:06:40.0265 4704 ql40xx - ok
16:06:40.0282 4704 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:06:40.0291 4704 QWAVE - ok
16:06:40.0299 4704 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:06:40.0301 4704 QWAVEdrv - ok
16:06:40.0308 4704 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:06:40.0311 4704 RasAcd - ok
16:06:40.0339 4704 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:06:40.0342 4704 RasAgileVpn - ok
16:06:40.0366 4704 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:06:40.0373 4704 RasAuto - ok
16:06:40.0386 4704 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:06:40.0389 4704 Rasl2tp - ok
16:06:40.0417 4704 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
16:06:40.0434 4704 RasMan - ok
16:06:40.0443 4704 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:06:40.0446 4704 RasPppoe - ok
16:06:40.0456 4704 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:06:40.0460 4704 RasSstp - ok
16:06:40.0473 4704 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:06:40.0479 4704 rdbss - ok
16:06:40.0494 4704 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:06:40.0496 4704 rdpbus - ok
16:06:40.0511 4704 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:06:40.0514 4704 RDPCDD - ok
16:06:40.0536 4704 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:06:40.0537 4704 RDPENCDD - ok
16:06:40.0561 4704 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:06:40.0564 4704 RDPREFMP - ok
16:06:40.0603 4704 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:06:40.0609 4704 RDPWD - ok
16:06:40.0641 4704 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:06:40.0691 4704 rdyboost - ok
16:06:40.0716 4704 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:06:40.0723 4704 RemoteAccess - ok
16:06:40.0743 4704 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:06:40.0751 4704 RemoteRegistry - ok
16:06:40.0768 4704 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:06:40.0774 4704 RpcEptMapper - ok
16:06:40.0796 4704 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:06:40.0801 4704 RpcLocator - ok
16:06:40.0873 4704 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
16:06:40.0882 4704 RpcSs - ok
16:06:40.0891 4704 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:06:40.0895 4704 rspndr - ok
16:06:40.0913 4704 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
16:06:40.0916 4704 SamSs - ok
16:06:40.0936 4704 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
16:06:40.0941 4704 sbp2port - ok
16:06:40.0960 4704 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:06:40.0967 4704 SCardSvr - ok
16:06:40.0975 4704 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:06:40.0977 4704 scfilter - ok
16:06:41.0034 4704 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
16:06:41.0068 4704 Schedule - ok
16:06:41.0094 4704 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:06:41.0096 4704 SCPolicySvc - ok
16:06:41.0118 4704 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:06:41.0125 4704 SDRSVC - ok
16:06:41.0151 4704 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:06:41.0154 4704 secdrv - ok
16:06:41.0170 4704 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
16:06:41.0175 4704 seclogon - ok
16:06:41.0192 4704 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:06:41.0197 4704 SENS - ok
16:06:41.0215 4704 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:06:41.0221 4704 SensrSvc - ok
16:06:41.0247 4704 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:06:41.0250 4704 Serenum - ok
16:06:41.0260 4704 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:06:41.0263 4704 Serial - ok
16:06:41.0274 4704 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:06:41.0277 4704 sermouse - ok
16:06:41.0311 4704 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
16:06:41.0317 4704 SessionEnv - ok
16:06:41.0324 4704 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:06:41.0326 4704 sffdisk - ok
16:06:41.0335 4704 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:06:41.0337 4704 sffp_mmc - ok
16:06:41.0345 4704 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:06:41.0347 4704 sffp_sd - ok
16:06:41.0356 4704 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:06:41.0358 4704 sfloppy - ok
16:06:41.0424 4704 [ E1974A92AC0914A3859359A0A8C82C68 ] SftService C:\Program Files (x86)\AlienRespawn\sftservice.EXE
16:06:41.0450 4704 SftService - ok
16:06:41.0479 4704 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:06:41.0489 4704 SharedAccess - ok
16:06:41.0519 4704 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:06:41.0536 4704 ShellHWDetection - ok
16:06:41.0557 4704 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:06:41.0560 4704 SiSRaid2 - ok
16:06:41.0569 4704 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:06:41.0572 4704 SiSRaid4 - ok
16:06:41.0635 4704 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:06:41.0640 4704 SkypeUpdate - ok
16:06:41.0668 4704 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:06:41.0673 4704 Smb - ok
16:06:41.0712 4704 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:06:41.0718 4704 SNMPTRAP - ok
16:06:41.0731 4704 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:06:41.0734 4704 spldr - ok
16:06:41.0759 4704 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
16:06:41.0784 4704 Spooler - ok
16:06:41.0875 4704 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
16:06:41.0961 4704 sppsvc - ok
16:06:41.0985 4704 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:06:41.0992 4704 sppuinotify - ok
16:06:42.0027 4704 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:06:42.0043 4704 srv - ok
16:06:42.0070 4704 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:06:42.0079 4704 srv2 - ok
16:06:42.0096 4704 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:06:42.0107 4704 srvnet - ok
16:06:42.0130 4704 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:06:42.0138 4704 SSDPSRV - ok
16:06:42.0148 4704 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:06:42.0154 4704 SstpSvc - ok
16:06:42.0177 4704 Steam Client Service - ok
16:06:42.0219 4704 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:06:42.0227 4704 Stereo Service - ok
16:06:42.0251 4704 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:06:42.0254 4704 stexstor - ok
16:06:42.0284 4704 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
16:06:42.0309 4704 stisvc - ok
16:06:42.0323 4704 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:06:42.0326 4704 swenum - ok
16:06:42.0354 4704 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:06:42.0379 4704 swprv - ok
16:06:42.0420 4704 [ BE2B928DE9AF2848289DB7A54C7E2398 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:06:42.0428 4704 SynTP - ok
16:06:42.0478 4704 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
16:06:42.0522 4704 SysMain - ok
16:06:42.0534 4704 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:06:42.0541 4704 TabletInputService - ok
16:06:42.0576 4704 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
16:06:42.0593 4704 TapiSrv - ok
16:06:42.0615 4704 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:06:42.0621 4704 TBS - ok
16:06:42.0682 4704 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:06:42.0734 4704 Tcpip - ok
16:06:42.0798 4704 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:06:42.0817 4704 TCPIP6 - ok
16:06:42.0843 4704 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:06:42.0847 4704 tcpipreg - ok
16:06:42.0868 4704 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:06:42.0870 4704 TDPIPE - ok
16:06:42.0891 4704 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:06:42.0893 4704 TDTCP - ok
16:06:42.0904 4704 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:06:42.0907 4704 tdx - ok
16:06:42.0928 4704 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:06:42.0931 4704 TermDD - ok
16:06:42.0966 4704 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
16:06:42.0991 4704 TermService - ok
16:06:43.0026 4704 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:06:43.0030 4704 Themes - ok
16:06:43.0053 4704 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:06:43.0056 4704 THREADORDER - ok
16:06:43.0078 4704 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:06:43.0084 4704 TrkWks - ok
16:06:43.0159 4704 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:06:43.0169 4704 TrustedInstaller - ok
16:06:43.0194 4704 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:06:43.0196 4704 tssecsrv - ok
16:06:43.0259 4704 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:06:43.0266 4704 tunnel - ok
16:06:43.0281 4704 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:06:43.0287 4704 uagp35 - ok
16:06:43.0331 4704 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:06:43.0348 4704 udfs - ok
16:06:43.0401 4704 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:06:43.0408 4704 UI0Detect - ok
16:06:43.0429 4704 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
16:06:43.0435 4704 uliagpkx - ok
16:06:43.0454 4704 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:06:43.0495 4704 umbus - ok
16:06:43.0502 4704 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:06:43.0504 4704 UmPass - ok
16:06:43.0527 4704 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:06:43.0540 4704 upnphost - ok
16:06:43.0567 4704 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:06:43.0572 4704 usbccgp - ok
16:06:43.0601 4704 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
16:06:43.0608 4704 usbcir - ok
16:06:43.0638 4704 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:06:43.0641 4704 usbehci - ok
16:06:43.0694 4704 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:06:43.0703 4704 usbhub - ok
16:06:43.0727 4704 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:06:43.0730 4704 usbohci - ok
16:06:43.0753 4704 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:06:43.0757 4704 usbprint - ok
16:06:43.0779 4704 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:06:43.0783 4704 USBSTOR - ok
16:06:43.0820 4704 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:06:43.0823 4704 usbuhci - ok
16:06:43.0850 4704 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:06:43.0855 4704 usbvideo - ok
16:06:43.0880 4704 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:06:43.0886 4704 UxSms - ok
16:06:43.0900 4704 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
16:06:43.0902 4704 VaultSvc - ok
16:06:43.0916 4704 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
16:06:43.0918 4704 vdrvroot - ok
16:06:43.0942 4704 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
16:06:43.0968 4704 vds - ok
16:06:43.0986 4704 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:06:43.0989 4704 vga - ok
16:06:43.0998 4704 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:06:44.0000 4704 VgaSave - ok
16:06:44.0034 4704 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
16:06:44.0041 4704 vhdmp - ok
16:06:44.0049 4704 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
16:06:44.0051 4704 viaide - ok
16:06:44.0062 4704 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
16:06:44.0065 4704 volmgr - ok
16:06:44.0113 4704 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:06:44.0130 4704 volmgrx - ok
16:06:44.0145 4704 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
16:06:44.0162 4704 volsnap - ok
16:06:44.0182 4704 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:06:44.0188 4704 vsmraid - ok
16:06:44.0238 4704 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
16:06:44.0281 4704 VSS - ok
16:06:44.0290 4704 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:06:44.0293 4704 vwifibus - ok
16:06:44.0305 4704 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:06:44.0308 4704 vwififlt - ok
16:06:44.0329 4704 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:06:44.0346 4704 W32Time - ok
16:06:44.0364 4704 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:06:44.0366 4704 WacomPen - ok
16:06:44.0384 4704 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:06:44.0387 4704 WANARP - ok
16:06:44.0402 4704 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:06:44.0404 4704 Wanarpv6 - ok
16:06:44.0492 4704 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:06:44.0526 4704 WatAdminSvc - ok
16:06:44.0585 4704 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
16:06:44.0628 4704 wbengine - ok
16:06:44.0640 4704 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:06:44.0652 4704 WbioSrvc - ok
16:06:44.0665 4704 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:06:44.0678 4704 wcncsvc - ok
16:06:44.0694 4704 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:06:44.0701 4704 WcsPlugInService - ok
16:06:44.0713 4704 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:06:44.0734 4704 Wd - ok
16:06:44.0753 4704 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:06:44.0765 4704 Wdf01000 - ok
16:06:44.0794 4704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:06:44.0800 4704 WdiServiceHost - ok
16:06:44.0807 4704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:06:44.0813 4704 WdiSystemHost - ok
16:06:44.0835 4704 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
16:06:44.0843 4704 WebClient - ok
16:06:44.0861 4704 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:06:44.0871 4704 Wecsvc - ok
16:06:44.0894 4704 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:06:44.0901 4704 wercplsupport - ok
16:06:44.0931 4704 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:06:44.0938 4704 WerSvc - ok
16:06:44.0957 4704 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:06:44.0959 4704 WfpLwf - ok
16:06:44.0985 4704 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
16:06:44.0990 4704 WimFltr - ok
16:06:45.0011 4704 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:06:45.0014 4704 WIMMount - ok
16:06:45.0027 4704 WinDefend - ok
16:06:45.0038 4704 WinHttpAutoProxySvc - ok
16:06:45.0094 4704 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:06:45.0114 4704 Winmgmt - ok
16:06:45.0184 4704 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
16:06:45.0187 4704 WinRing0_1_2_0 - ok
16:06:45.0259 4704 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
16:06:45.0318 4704 WinRM - ok
16:06:45.0368 4704 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:06:45.0405 4704 Wlansvc - ok
16:06:45.0522 4704 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:06:45.0599 4704 wlidsvc - ok
16:06:45.0645 4704 [ A96D6C0613DCF84F2D07FAEB75663072 ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
16:06:45.0648 4704 wltrysvc - ok
16:06:45.0675 4704 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:06:45.0678 4704 WmiAcpi - ok
16:06:45.0720 4704 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:06:45.0728 4704 wmiApSrv - ok
16:06:45.0758 4704 WMPNetworkSvc - ok
16:06:45.0796 4704 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:06:45.0802 4704 WPCSvc - ok
16:06:45.0829 4704 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:06:45.0837 4704 WPDBusEnum - ok
16:06:45.0853 4704 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:06:45.0856 4704 ws2ifsl - ok
16:06:45.0878 4704 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
16:06:45.0885 4704 wscsvc - ok
16:06:45.0892 4704 WSearch - ok
16:06:46.0082 4704 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:06:46.0159 4704 wuauserv - ok
16:06:46.0180 4704 [ C63907207B837A5C05CF6D1606AA0008 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:06:46.0184 4704 WudfPf - ok
16:06:46.0225 4704 [ D885A873D733020F8B9B9FF4B1666158 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:06:46.0230 4704 WUDFRd - ok
16:06:46.0262 4704 [ 27B9BEE5AAC00139E3A3AF5D6227A0DC ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:06:46.0268 4704 wudfsvc - ok
16:06:46.0289 4704 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:06:46.0299 4704 WwanSvc - ok
16:06:46.0338 4704 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
16:06:46.0341 4704 xusb21 - ok
16:06:46.0356 4704 ================ Scan global ===============================
16:06:46.0378 4704 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:06:46.0402 4704 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
16:06:46.0420 4704 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
16:06:46.0442 4704 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:06:46.0474 4704 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:06:46.0484 4704 [Global] - ok
16:06:46.0485 4704 ================ Scan MBR ==================================
16:06:46.0497 4704 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:06:46.0757 4704 \Device\Harddisk0\DR0 - ok
16:06:46.0757 4704 ================ Scan VBR ==================================
16:06:46.0763 4704 [ 17B95AC8758F902C0B46373CA4E68D06 ] \Device\Harddisk0\DR0\Partition1
16:06:46.0766 4704 \Device\Harddisk0\DR0\Partition1 - ok
16:06:46.0785 4704 [ 7FD2980EE25F35C9271D65A4E4582FA3 ] \Device\Harddisk0\DR0\Partition2
16:06:46.0789 4704 \Device\Harddisk0\DR0\Partition2 - ok
16:06:46.0790 4704 ============================================================
16:06:46.0790 4704 Scan finished
16:06:46.0790 4704 ============================================================
16:06:46.0807 3248 Detected object count: 0
16:06:46.0808 3248 Actual detected object count: 0
16:06:54.0755 4700 Deinitialize success
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 16:08:43
-----------------------------
16:08:43.627 OS Version: Windows x64 6.1.7600
16:08:43.627 Number of processors: 4 586 0x2505
16:08:43.629 ComputerName: LENN-PC UserName: Lenn
16:08:44.274 Initialize success
16:10:05.721 AVAST engine defs: 12091400
16:11:07.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:11:07.336 Disk 0 Vendor: ST932042 D005 Size: 305245MB BusType: 3
16:11:07.362 Disk 0 MBR read successfully
16:11:07.366 Disk 0 MBR scan
16:11:07.372 Disk 0 Windows 7 default MBR code
16:11:07.376 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
16:11:07.389 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 21732 MB offset 81920
16:11:07.410 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 283472 MB offset 44589056
16:11:07.439 Disk 0 scanning C:\Windows\system32\drivers
16:11:18.046 Service scanning
16:11:45.449 Modules scanning
16:11:45.450 Disk 0 trace - called modules:
16:11:45.481 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:11:45.482 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075a7060]
16:11:45.482 3 CLASSPNP.SYS[fffff88001aa243f] -> nt!IofCallDriver -> [0xfffffa80055b9490]
16:11:45.483 5 ACPI.sys[fffff88000d74781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80055ba050]
16:11:46.543 AVAST engine scan C:\Windows
16:11:48.251 AVAST engine scan C:\Windows\system32
16:15:40.798 AVAST engine scan C:\Windows\system32\drivers
16:16:07.529 AVAST engine scan C:\Users\Lenn
16:24:33.319 AVAST engine scan C:\ProgramData
16:25:28.938 Scan finished successfully
16:30:30.340 Disk 0 MBR has been saved successfully to "C:\Users\Lenn\Desktop\MBR.dat"
16:30:30.347 The log file has been saved successfully to "C:\Users\Lenn\Desktop\aswMBR.txt"

still getting this merchant circle redirect, bugs aren't all gone yet :|

#12 emily m

  • Topic Starter


Posted 16 September 2012 - 08:35 PM

here's an mbam log, it found something

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.13

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Lenn :: LENN-PC [administrator]

9/16/2012 5:55:26 PM
mbam-log-2012-09-16 (17-55-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222553
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Lenn\AppData\Local\Temp\0.28656163491056696 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

#13 gringo_pr


  • Malware Response Team

Posted 16 September 2012 - 09:19 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 emily m

  • Topic Starter


Posted 16 September 2012 - 09:28 PM

OTL logfile created on: 9/16/2012 7:20:58 PM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Lenn\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 60.83% Memory free
7.60 Gb Paging File | 5.92 Gb Available in Paging File | 77.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276.83 Gb Total Space | 152.07 Gb Free Space | 54.93% Space Free | Partition Type: NTFS

Computer Name: LENN-PC | User Name: Lenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lenn\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AlienRespawn\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
PRC - C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Program Files\Alienware\Command Center\AlienFusionController.exe ()
PRC - C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe (Sensible Vision )


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Java\jre7\bin\jp2native.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Windows Live\Messenger\ShareAnythingControlRes.dll ()
MOD - C:\Program Files (x86)\Windows Live\Messenger\en\ShareAnythingControllang.dll.mui ()
MOD - C:\Program Files (x86)\Windows Live\Shared\en\wliduxloc.dll.mui ()
MOD - C:\Program Files (x86)\Windows Live\Shared\en\uxctlloc.dll.mui ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
MOD - C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll ()
MOD - C:\Program Files\Alienware\Command Center\AlienFusionController.exe ()
MOD - C:\WINDOWS\SysWOW64\FAIEExtension.dll ()
MOD - C:\WINDOWS\SysWOW64\FAib.dll ()
MOD - C:\WINDOWS\SysWOW64\FACrashRpt.dll ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AlienFusionService) -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (FAService) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe (Sensible Vision )
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SftService) -- C:\Program Files (x86)\AlienRespawn\SftService.exe (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\WINDOWS\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (MotioninJoyXFilter) -- C:\WINDOWS\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (mcaudrv_simple) -- C:\WINDOWS\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (ManyCam) -- C:\WINDOWS\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (xusb21) -- C:\WINDOWS\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (johci) -- C:\WINDOWS\SysNative\drivers\johci.sys (JMicron Technology Corp.)
DRV:64bit: - (JMCR) -- C:\WINDOWS\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (iaStor) -- C:\WINDOWS\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\WINDOWS\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (L1C) -- C:\WINDOWS\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (EMSC) -- C:\WINDOWS\SysNative\drivers\EMSC.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FACAP) -- C:\WINDOWS\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (EMSC) -- C:\WINDOWS\SysWOW64\drivers\EMSC.sys (Windows ® Win 7 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1591494213-445130405-732833371-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
IE - HKU\S-1-5-21-1591494213-445130405-732833371-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1591494213-445130405-732833371-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1591494213-445130405-732833371-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: mrcdinfuli@mrcdinfuli.org:2.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/10 08:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/14 23:15:14 | 000,000,000 | ---D | M]

[2012/07/27 13:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenn\AppData\Roaming\Mozilla\Extensions
[2012/09/15 00:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\a7k73axp.default\extensions
[1832/11/28 21:22:58 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\a7k73axp.default\extensions\mrcdinfuli@mrcdinfuli.org.xpi
[2012/07/27 13:58:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\a7k73axp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/10 08:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/10 08:23:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/09 22:04:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/09 22:04:43 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28F4B7FF-2441-498B-BD90-39F8E45233E1}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDE77F38-DFDE-4E68-A955-E55820146C0A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{868cf474-d198-11e1-b967-0026b9e0638f}\Shell - "" = AutoRun
O33 - MountPoints2\{868cf474-d198-11e1-b967-0026b9e0638f}\Shell\AutoRun\command - "" = "D:\Diablo III Setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 19:01:27 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Roaming\SystemRequirementsLab
[2012/09/16 17:54:25 | 000,000,000 | ---D | C] -- C:\Users\Lenn\Desktop\rkill
[2012/09/16 14:26:00 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{4E3C83B3-6BBE-4FE0-BB7A-D132A8ED511C}
[2012/09/16 14:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/16 14:09:05 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/16 14:09:05 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/16 14:08:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/16 14:08:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/16 14:08:57 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/16 04:45:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/15 13:30:40 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{37FF920D-BA9D-4F9E-BB99-171C786E724B}
[2012/09/14 23:14:50 | 001,572,672 | ---- | C] (Gamania Inc.) -- C:\Users\Lenn\Documents\_BFUninstall.exe
[2012/09/14 23:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/09/14 23:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/09/14 13:45:31 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{F88A37B0-F173-4044-B30E-10E1F690C6F9}
[2012/09/13 19:06:56 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{025097C2-D0C0-43D4-9E39-DC9518B25C8B}
[2012/09/13 06:16:20 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{9AA3CAFD-C83D-4890-9710-D6E3E516E87F}
[2012/09/12 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{FFFD974A-E88F-43F6-AF6B-1B0666C848F0}
[2012/09/11 14:33:02 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{D90907BC-9001-4D04-8AF5-F46FF7982851}
[2012/09/11 02:22:32 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{F3E44B4A-84B9-4DC8-AC29-AB1302FBA00B}
[2012/09/10 14:22:05 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{6EA931FF-6DBC-40C9-810E-550F4A9789EF}
[2012/09/10 14:02:43 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{DD14847E-E9FC-4F2E-AE64-6934C4DE1C6B}
[2012/09/10 13:16:23 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{EFCFAC1B-BD22-4DC6-95C4-9DBE7557F40D}
[2012/09/10 08:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/09 14:10:38 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{52E24DC8-4504-4A37-89DC-5E956F223F33}
[2012/09/08 17:42:05 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{C1467C6F-E6EC-47BE-A4DC-F9507115E6FD}
[2012/09/08 05:41:41 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{F1A988FE-4B19-495F-AF2E-2CE4B7758C3D}
[2012/09/07 15:48:09 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{D996CCEA-896C-4437-ABB6-4775D69B0D4D}
[2012/09/07 03:47:45 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{BC3629A6-C3CB-459B-8CE1-D5FE5692DD1C}
[2012/09/06 11:01:35 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{8EF2D7F8-F7B7-4478-868E-46B8EE6D5142}
[2012/09/05 17:29:18 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{632CEB3F-823D-41CE-B0C1-3840D1BB2EB4}
[2012/09/05 05:28:42 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{13A46834-4454-4377-9064-6B6679FAD999}
[2012/09/04 17:28:07 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{E8A49033-E875-4BDD-A1FE-AB1987B8CE38}
[2012/09/04 05:27:32 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{4E4C9431-FC06-460A-BE10-9AF7B4829023}
[2012/09/03 17:27:09 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{27BE2B34-A34F-429F-BB85-7519C3C9B7E1}
[2012/09/03 14:41:42 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\ElevatedDiagnostics
[2012/09/03 14:27:05 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{EBC6FD99-A77F-4B92-A94B-EDA886900154}
[2012/09/02 16:37:51 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{479DDC50-BDBC-4224-BC05-FCBFE3D050D7}
[2012/09/02 04:37:16 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{444DCA1A-36F3-4536-AE92-3A4E9E6D9CCD}
[2012/09/01 16:36:37 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{7EE78ECF-E081-48AF-B2FE-C67C34175B78}
[2012/09/01 04:33:06 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{02D3B01D-EF87-4D87-9A20-FFBC5EC9901F}
[2012/08/31 16:32:31 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{69205605-7CE2-4C6B-A3D6-793B0F22C699}
[2012/08/31 04:32:07 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{BA8747F5-7619-4CE7-88CB-87A1E337CB29}
[2012/08/30 14:57:59 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{057C2EFA-9176-4395-97A8-79211A4C1EE5}
[2012/08/29 22:25:04 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{708952C1-BD54-4CA6-8371-52A34B2B8B08}
[2012/08/29 10:24:38 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{7B709B33-AD3A-436B-8EB0-5F6D75291B83}
[2012/08/28 13:36:45 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{15A49562-9502-4B81-9210-6B1966BCD90F}
[2012/08/27 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{DF9A8459-E1F6-4E23-A2D7-0D04B9EC82BC}
[2012/08/26 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{1A235A89-B47D-44B5-BCC9-BBCA68990ACC}
[2012/08/26 05:48:08 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{6C842566-44C8-4CC7-A1A8-0C8B0C6AE9CC}
[2012/08/25 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{DFD2729B-20D1-48AE-A285-A884665A2414}
[2012/08/25 03:20:12 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{61C3CAF9-9ABA-4A2A-A1A9-80E1814D4F91}
[2012/08/24 12:51:24 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{064B64CC-E254-44E8-9519-D519A4F199A2}
[2012/08/23 13:24:32 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{37FD1604-F961-4D19-BFB3-2C6E960B1076}
[2012/08/22 16:09:44 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{D5A3B11D-9BEE-4A14-8065-B9EAD7936B18}
[2012/08/22 04:09:19 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{2F989BE3-96B5-472A-8CA2-9F9018F86269}
[2012/08/21 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{09D97020-CF10-46EE-9CDE-86AF9ECE284E}
[2012/08/20 13:41:36 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{18248254-B86B-43C1-ADE6-B1436B73B0D4}
[2012/08/19 11:42:36 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{CAECA3A3-FB2C-48CA-AC67-F6DCA2CB296B}
[2012/08/18 18:39:16 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{32EA0BA3-34EF-4B2F-9345-D02903B80BDD}
[2012/08/18 06:33:46 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{2019AA76-3ED7-4C0F-83CA-8BA0FC3F2A4D}
[2012/08/18 06:33:35 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{CD67ACAC-FAD6-4855-925A-9627E16EACF0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/16 18:44:34 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/16 18:44:34 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/16 18:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/16 18:37:15 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/16 14:15:17 | 000,649,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/16 14:15:17 | 000,114,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/16 14:15:17 | 000,005,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/16 14:12:37 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/16 14:12:37 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/16 14:08:46 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/16 14:08:45 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/16 14:08:45 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/16 14:08:45 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/16 14:08:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/16 14:08:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/14 01:54:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/23 21:48:52 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/27 11:18:52 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/06/27 11:18:52 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/06/27 11:18:52 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/06/27 11:18:51 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/06/27 11:18:48 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

< End of report >

#15 gringo_pr

  • Malware Response Team

Posted 17 September 2012 - 08:49 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{868cf474-d198-11e1-b967-0026b9e0638f}\Shell - "" = AutoRun
    O33 - MountPoints2\{868cf474-d198-11e1-b967-0026b9e0638f}\Shell\AutoRun\command - "" = "D:\Diablo III Setup.exe"
    FF - prefs.js..extensions.enabledAddons: mrcdinfuli@mrcdinfuli.org:2.5   
    [1832/11/28 21:22:58 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\a7k73axp.default\extensions\mrcdinfuli@mrcdinfuli.org.xpi
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



