
ads popping up on my webpages (even google) and redirecting.


  • This topic is locked
21 replies to this topic

#1 ninjapanda

ninjapanda

  • Members
  • 11 posts

Posted 18 August 2013 - 07:53 AM

Hi guys, I made an account because I need help! Recently there have been heaps of ads popping up on my webpage on websites that never used to have pop-ups. Also sometimes when I click a link, it redirects me to another ad site. I've tried using some antivirus as well as switching to Chrome to no avail. Please help me out.





#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 18 August 2013 - 11:17 AM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 ninjapanda


Posted 19 August 2013 - 03:07 AM

Hey, thanks for helping me out. Here are the logs.

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````




Farbar Service Scanner Version: 18-08-2013
Ran by Jeremy (administrator) on 19-08-2013 at 17:27:41
Running from "C:\Users\Jeremy\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jeremy :: JEREMY-PC [administrator]

Protection: Enabled

19/08/2013 5:19:22 PM
MBAM-log-2013-08-19 (17-35-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213900
Time elapsed: 15 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Video Library (Trojan.Agent) -> Data: C:\windows\system32\rundll32.exe C:\Users\Jeremy\AppData\Local\Temp\Rpcqt.dll,Sets -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Nvidia (Trojan.Agent) -> Data: wscript.exe "C:\Microsoft_SDK\lib\include\cc1xb.js" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Jeremy\AppData\Local\Temp\explorer.exe (Trojan.Agent) -> No action taken.
C:\Users\Jeremy\csrss.exe (Trojan.Agent) -> No action taken.
C:\Microsoft_SDK\lib\include\cc1xb.js (Trojan.Agent) -> No action taken.

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_30

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4243906560, free: 1543168000

Initializing...
------------ Kernel report ------------
08/19/2013 17:21:24
------------ Loaded modules -----------
----------- End -----------
Done!
IRP handler 22 of \Driver\Disk is hooked
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800628f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800628e050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800628f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004f7db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800628f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800628e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a011856c80, 0xfffffa800628f790, 0xfffffa800988a090
Lower DeviceData: 0xfffff8a00cf269f0, 0xfffffa800628e050, 0xfffffa80073b6090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 58943F2B

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 1219069952

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 1222144000 Numsec = 28119040
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Infected: c:\AMD\lsass\WmiPrvCv.exe --> [Trojan.BitCoinMiner]
Infected: c:\AMD\lsass\WmiPrvCv.exe --> [Trojan.BitCoinMiner]
Infected: c:\Users\Jeremy\AppData\Roaming\diuggivu\daubrbrd.exe --> [Trojan.Crypted.FS]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TOSHIBA --> [Trojan.Crypted.FS]

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jeremy :: JEREMY-PC [administrator]

19/08/2013 5:21:34 PM
mbar-log-2013-08-19 (17-21-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 247880
Time elapsed: 44 minute(s), 38 second(s)

Memory Processes Detected: 1
c:\AMD\lsass\WmiPrvCv.exe (Trojan.BitCoinMiner) -> 4716 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TOSHIBA (Trojan.Crypted.FS) -> Data: C:\Users\Jeremy\AppData\Roaming\diuggivu\daubrbrd.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\AMD\lsass\WmiPrvCv.exe (Trojan.BitCoinMiner) -> No action taken.
c:\Users\Jeremy\AppData\Roaming\diuggivu\daubrbrd.exe (Trojan.Crypted.FS) -> No action taken.
c:\Microsoft_SDK\lib\include\iexploror.exe (Trojan.Agent) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2013 05:23:09 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Jeremy\Downloads\FSS.exe (PID: 12044) [UP-HEUR]
* C:\Users\Jeremy\Downloads\SecurityCheck (2).exe (PID: 11548) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Jeremy\Desktop\rkill\rkill-08-19-2013-05-23-43.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:


Thanks again!

#4 Broni


Posted 19 August 2013 - 06:41 PM

I see some signs of ZeroAccess rootkit.

It'll require elevated help.

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.




 


#5 ninjapanda


Posted 21 August 2013 - 08:03 AM

sorry for the late reply

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 21/02/2013 4:30:47 PM
System Uptime: 21/08/2013 7:56:35 PM (3 hours ago)
.
Motherboard: Intel |  | PLCSF8
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 513.464 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP68: 13/08/2013 7:25:51 PM - Windows Update
RP69: 16/08/2013 12:27:00 AM - Removed Steam
RP70: 16/08/2013 12:41:21 AM - Removed Splashtop Streamer
RP71: 16/08/2013 12:42:18 AM - Removed Splashtop Remote Client
RP72: 16/08/2013 12:44:56 AM - MinitabCIA
RP73: 17/08/2013 2:18:22 PM - Windows Update
RP74: 18/08/2013 2:00:29 AM - Windows Update
RP75: 19/08/2013 12:29:08 AM - Installed Sybase PowerDesigner 16.1
RP76: 19/08/2013 8:36:17 PM - Installed Steam
RP77: 21/08/2013 1:49:35 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 212.59.28.228 www.google-analytics.com.
Hosts: 212.59.28.228 ad-emea.doubleclick.net.
Hosts: 212.59.28.228 www.statcounter.com.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6) MUI
AMD APP SDK Runtime
AMD Catalyst Install Manager
Applet
µTorrent
Bejeweled 3
Bluetooth Stack for Windows by Toshiba
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dota 2
Google Chrome
Google Update Helper
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 25 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 25 (64-bit)
Java™ 6 Update 30
Junk Mail filter update
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
MSVCRT
MSVCRT_amd64
Norton Internet Security
Norton Online Backup
Norton PC Checkup
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RtkClassFilter
Sandboxie 4.04 (64-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Skype™ 6.3
Steam
Sybase PowerDesigner 16.1
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Audio Enhancement
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Peak Shift Control
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
WildTangent Games App (Toshiba Games)
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
21/08/2013 6:18:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa800b210010, 0xfffff8800482d910, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 082113-53508-01.
21/08/2013 3:25:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
20/08/2013 9:28:13 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.155.2537.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9700.0   Error code: 0x80240022   Error description: The program can't check for definition updates.
20/08/2013 9:28:13 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.155.2537.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9700.0   Error code: 0x80240022   Error description: The program can't check for definition updates.
19/08/2013 9:13:33 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
19/08/2013 9:13:33 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Jeremy at 22:24:42 on 2013-08-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.4047.956 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\hasplms.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskeng.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
uSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Udsiufx] C:\Users\Jeremy\AppData\Roaming\Wykecy\buzy.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [WMI] C:\AMD\lsass\WMI.vbe
uRun: [TOSHIBA] C:\Users\Jeremy\AppData\Roaming\diuggivu\daubrbrd.exe
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [ecefbdfbdafec] "C:\ProgramData\ecefbdfbdafec.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
StartupFolder: C:\Users\Jeremy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Jeremy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WARCRA~1.LNK - C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{24E34805-7CBC-4127-AF96-8EE2D4AF5B24} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F5B35952-DFB2-448C-8BC7-4040D75EE993} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{F5B35952-DFB2-448C-8BC7-4040D75EE993}\348696E616E45647D2236363D213130313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F5B35952-DFB2-448C-8BC7-4040D75EE993}\D4163617571627965602055726C69636 : DHCPNameServer = 10.127.5.21 10.127.5.17 10.127.5.22 10.127.5.18
TCP: Interfaces\{F5B35952-DFB2-448C-8BC7-4040D75EE993}\F56427565635B697649696F5 : DHCPNameServer = 208.67.222.222 208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
x64-mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TPSCMain] C:\Program Files (x86)\TOSHIBA\PeakShift\TPSCMain.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 212.59.28.228 www.google-analytics.com.
Hosts: 212.59.28.228 ad-emea.doubleclick.net.
Hosts: 212.59.28.228 www.statcounter.com.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-23 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-23 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-4-12 1390680]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-23 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130420.001\IDSviA64.sys [2013-4-23 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-23 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-23 405624]
R2 aksdf;aksdf;C:\windows\System32\drivers\aksdf.sys [2013-3-27 71040]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-11-10 235520]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2011-6-7 250296]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2011-6-7 47032]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-11-10 93712]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-19 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-11-10 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-11-10 251496]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-5 21096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-11-10 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2012-11-10 1082472]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-11-10 48488]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2013-08-21 20:51:37 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8036EF27-6F5F-48AD-9227-B6FC35A6F682}\mpengine.dll
2013-08-20 00:43:01 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-20 00:21:27 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-20 00:18:32 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\Malwarebytes
2013-08-20 00:18:12 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-20 00:18:08 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-08-20 00:18:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 07:34:53 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\PowerDesigner
2013-08-19 07:31:47 260096 ------w- C:\windows\SysWow64\RICHTX32.OCX
2013-08-19 07:31:45 140488 ------w- C:\windows\SysWow64\COMDLG32.OCX
2013-08-19 07:28:57 -------- d-----w- C:\ProgramData\PowerDesigner 16
2013-08-19 07:28:57 -------- d-----w- C:\Program Files (x86)\Sybase
2013-08-19 05:33:45 -------- d-----w- C:\ProgramData\eSafe
2013-08-19 05:29:51 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\eIntaller
2013-08-19 05:29:47 -------- d-----w- C:\Program Files (x86)\Lyrics_Fan
2013-08-16 07:30:26 -------- d-----w- C:\windows\System32\appmgmt
2013-08-15 01:18:19 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-15 01:18:19 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-15 01:18:18 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-15 01:18:18 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-15 01:18:18 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-15 01:18:18 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-15 01:18:18 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-15 01:18:18 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-15 01:18:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-15 01:18:01 2048 ----a-w- C:\windows\System32\tzres.dll
2013-08-11 05:44:13 -------- d-----w- C:\Users\Jeremy\workspace
2013-08-11 05:41:44 972712 ----a-w- C:\windows\System32\deployJava1.dll
2013-08-11 05:41:43 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-08-11 05:41:21 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-08-08 16:39:11 -------- d-----w- C:\47d7cb9f68a4c6c2d1beaf0e7d90cee3
2013-08-05 17:14:10 -------- d-----w- C:\Users\Jeremy\AppData\Local\ElevatedDiagnostics
2013-08-03 22:50:49 -------- d-----w- C:\AMD
2013-08-01 00:33:31 -------- d-sh--w- C:\found.001
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-07-07 19:13:07 0 ----a-w- C:\Users\Jeremy\chrome.exe
2013-07-07 19:13:06 0 ----a-w- C:\Users\Jeremy\msconfig.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
.
============= FINISH: 22:37:08.83 ===============
 


Edited by Orange Blossom, 21 August 2013 - 10:31 PM.
Moved to log forum. ~ OB


#6 Starbuck

  • Malware Response Team

Posted 22 August 2013 - 05:38 PM

Hi ninjapanda

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Ares, UTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.
-------------

Ok, we have some work to do here, so let's get started:

Step 1
It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Norton Internet Security.

If removing Norton.....
Disable Norton and then run the Uninstaller, (in the add/remove) then:

Go to: Norton Removal Tool

Download it to your 'Desktop'.
Then click on the desktop icon to run the removal tool.
This will clean up a lot of leftover Registry items


Step 2
Download RogueKiller and save it to your desktop.
  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.


In your next reply, please submit:
RKreport.txt
and let me know which AV you removed


Thanks.



#7 ninjapanda

  • Topic Starter

Posted 23 August 2013 - 06:25 AM

removed Norton, it was already expired tho :/

 

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeremy [Admin rights]
Mode : Scan -- Date : 08/23/2013 21:24:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Udsiufx (C:\Users\Jeremy\AppData\Roaming\Wykecy\buzy.exe [x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TOSHIBA (C:\Users\Jeremy\AppData\Roaming\diuggivu\daubrbrd.exe [x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ecefbdfbdafec ("C:\ProgramData\ecefbdfbdafec.exe" [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3608466933-1211801341-3536693334-1000\[...]\Run : Udsiufx (C:\Users\Jeremy\AppData\Roaming\Wykecy\buzy.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3608466933-1211801341-3536693334-1000\[...]\Run : TOSHIBA (C:\Users\Jeremy\AppData\Roaming\diuggivu\daubrbrd.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3608466933-1211801341-3536693334-1000\[...]\Run : ecefbdfbdafec ("C:\ProgramData\ecefbdfbdafec.exe" [x]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

212.59.28.228 ad-emea.doubleclick.net. --> Potentially malicious!
212.59.28.228 www.statcounter.com. --> Potentially malicious!
93.115.241.27 ad-emea.doubleclick.net. --> Potentially malicious!
93.115.241.27 www.statcounter.com. --> Potentially malicious!

127.0.0.1       localhost
::1             localhost
212.59.28.228 www.google-analytics.com.
212.59.28.228 ad-emea.doubleclick.net.
212.59.28.228 www.statcounter.com.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 803af7e015bac7556ef3f391e9293c48
[BSP] 4b60a563221f5515050c7d758269f3c6 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 595249 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1222144000 | Size: 13730 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08232013_212426.txt >>

 

thanks.



#8 Starbuck

  • Malware Response Team

Posted 23 August 2013 - 09:32 AM

Hi ninjapanda
 

removed Norton

Ok, thanks for that.

Step 1
  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Delete button.
  • When finished... click on the 'Hosts' tab (near the center) then Click on Fix Hosts (right hand side)
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.


Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Note:
To close down MSSE

Click on the 'Show Hidden Icons' arrow. (Bottom right of your screen)
and right click on the MSSE icon and select Open.

On the page that opens..... click on the Settings tab.

On the next screen click on RealTime Protection

Now UNtick Turn on Realtime Protection (Recommended) and then click on Save Changes.

If the User Account control is turned on, you will need to click Yes on the next screen.

Just reverse the process and turn the Realtime Protection back on when you are finished.


Step 3
  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
New RKreport.txt
JRT.txt
and both reports from OTL.

If the reports are too large, you may have to split them over a couple of posts.


Thanks.
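
The RogueKiller report in this thread flags hosts-file lines that point ad and analytics hostnames at two outside addresses, and the step above asks for them to be fixed. The following is an added example, not part of the thread and not RogueKiller's own logic: it parses hosts-file text, lists every non-local name that is mapped to a non-loopback address, and produces a copy with those lines dropped. The sample input is the hosts content shown in the report; the function names and the `LOCAL_NAMES` set are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Hosts-file content as listed in the RogueKiller report earlier in the thread
# (%SystemRoot%\System32\drivers\etc\hosts on the affected machine).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
212.59.28.228 www.google-analytics.com.
212.59.28.228 ad-emea.doubleclick.net.
212.59.28.228 www.statcounter.com.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
"""

# Assumption of this example: names that are expected to resolve locally.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text.

    Comments and blank lines are skipped, as are lines whose first field is
    not a valid IP address. Hostnames are lower-cased and a trailing dot
    (as in "www.statcounter.com.") is removed so both spellings compare equal.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield lineno, ip, name.rstrip(".").lower()


def is_redirect(ip, name):
    """True when a non-local name is sent to a real (non-loopback) address.

    Entries pointing at 127.0.0.1, ::1 or 0.0.0.0 only sinkhole a name, which
    is how ad-blocking hosts lists work, so they are not reported here.
    """
    if name in LOCAL_NAMES:
        return False
    return not (ip.is_loopback or ip.is_unspecified)


def suspicious_entries(text):
    """Return {ip: sorted hostnames} for every redirecting mapping."""
    hits = defaultdict(set)
    for _, ip, name in parse_hosts(text):
        if is_redirect(ip, name):
            hits[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}


def filter_hosts(text):
    """Return the hosts text with every line holding a redirect removed."""
    flagged = {n for n, ip, name in parse_hosts(text) if is_redirect(ip, name)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in flagged]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for ip, names in suspicious_entries(SAMPLE_HOSTS).items():
        print(ip, "->", ", ".join(names))
    print(filter_hosts(SAMPLE_HOSTS), end="")
```

Entries for intranet names on private addresses are also reported by this check, so the output is a list to review rather than a verdict.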



#9 ninjapanda

  • Topic Starter

Posted 24 August 2013 - 03:29 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Professional x64
Ran by Jeremy on Sat 24/08/2013 at 17:33:27.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrics_fan
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

 

~~~ Files

Successfully deleted: [File] C:\windows\Tasks\Lyrics-Fan Update.job
Successfully disinfected: [Shortcut] C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Jeremy\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Jeremy\AppData\Roaming\microsoft\windows\start menu\Programs\Search.lnk
Successfully disinfected: [Shortcut] C:\Users\Jeremy\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\Users\Jeremy\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Program Files (x86)\lyrics_fan"
Successfully deleted: [Folder] "C:\Program Files (x86)\splashtop"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 24/08/2013 at 17:44:57.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


This log is quite long..

 

 

OTL logfile created on: 24/08/2013 5:48:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jeremy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
3.95 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 23.25% Memory free
7.90 Gb Paging File | 3.59 Gb Available in Paging File | 45.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.30 Gb Total Space | 514.31 Gb Free Space | 88.48% Space Free | Partition Type: NTFS
 
Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Jeremy\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe ()
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\GameOverlayUI.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota\bin\server.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota\bin\client.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\MaterialSystem.dll ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\libcef.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\stdshader_dx9.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\vphysics.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\vgui2.dll ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\tier0.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\vguimatsurface.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\vaudio_miles.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\StudioRender.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\SoundEmitterSystem.dll ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\shaderapidx9.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\stdshader_dbg.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\scaleformui_4.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\networksystem.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\vscript.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\localize.dll ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\scenefilecache.dll ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\FileSystem_Stdio.dll ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\vstdlib.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\vaudio_celt.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\inputsystem.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\engine.dll ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\launcher.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\datacache.dll ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\mssvoice.asi ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\mssmp3.asi ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\msseax.flt ()
MOD - c:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\mssds3d.flt ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtwlane.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RtkBtFilter) -- C:\Windows\SysNative\drivers\RtkBtfilter.sys (Realtek Microelectronics)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Wolfram|Alpha (Official) = C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Gmail = C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/04/30 12:02:29 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 212.59.28.228 www.google-analytics.com.
O1 - Hosts: 212.59.28.228 ad-emea.doubleclick.net.
O1 - Hosts: 212.59.28.228 www.statcounter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPSCMain] C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMI] C:\AMD\lsass\WMI.vbe ()
O4 - Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk =  File not found
O4 - Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24E34805-7CBC-4127-AF96-8EE2D4AF5B24}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5B35952-DFB2-448C-8BC7-4040D75EE993}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 180 Days ==========
 
[2013/08/24 17:38:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.scr
[2013/08/24 17:33:12 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/08/23 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\RK_Quarantine
[2013/08/23 21:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/08/19 20:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/08/19 17:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/19 17:18:32 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Malwarebytes
[2013/08/19 17:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/19 17:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/19 17:18:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/08/19 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/19 02:55:27 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Full Object Report_files
[2013/08/19 00:34:53 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\PowerDesigner
[2013/08/19 00:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sybase
[2013/08/19 00:31:47 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RICHTX32.OCX
[2013/08/19 00:31:45 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMDLG32.OCX
[2013/08/19 00:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sybase
[2013/08/19 00:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerDesigner 16
[2013/08/18 22:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/08/18 22:29:51 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\eIntaller
[2013/08/18 02:18:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/18 02:18:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/18 02:18:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/18 02:18:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/18 02:18:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/18 02:18:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/18 02:18:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/18 02:18:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/18 02:18:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/18 02:18:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/18 02:18:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/18 02:18:40 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/18 02:18:40 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/18 02:18:40 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/18 02:18:39 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/16 00:30:26 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2013/08/14 18:18:19 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/08/14 18:18:18 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/08/14 18:18:18 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/08/14 18:17:57 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/08/14 18:17:55 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/08/14 18:17:54 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/08/14 18:17:53 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/08/14 18:17:51 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/08/14 18:17:50 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/08/14 18:17:50 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/08/14 18:17:49 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/08/14 18:17:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/08/14 18:17:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/08/14 18:17:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/08/14 18:17:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/08/14 18:17:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/08/10 23:29:58 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\week2
[2013/08/10 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\workspace
[2013/08/10 22:41:44 | 000,972,712 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013/08/10 22:41:43 | 001,093,032 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013/08/10 22:41:43 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013/08/10 22:41:21 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013/08/10 22:41:21 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013/08/10 22:41:21 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013/08/10 22:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/08/10 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\eclipse
[2013/08/08 09:39:11 | 000,000,000 | ---D | C] -- C:\47d7cb9f68a4c6c2d1beaf0e7d90cee3
[2013/08/05 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\ElevatedDiagnostics
[2013/08/03 15:50:49 | 000,000,000 | ---D | C] -- C:\AMD
[2013/07/31 17:33:31 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/07/29 11:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\sketch_130603b
[2013/07/17 17:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/07/17 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013/07/14 22:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/07/14 22:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2013/07/14 21:45:21 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2013/07/14 21:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2013/07/14 21:44:03 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysWow64\drivers\mcdbus.sys
[2013/07/14 21:44:03 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysNative\drivers\mcdbus.sys
[2013/07/10 13:47:31 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/10 13:47:31 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/10 13:45:42 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/07/07 12:36:57 | 000,000,000 | ---D | C] -- C:\Microsoft_SDK
[2013/06/24 23:40:26 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\75 Medical Books Collection
[2013/06/24 13:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/06/13 22:54:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/13 22:52:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/06/13 22:52:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/06/13 22:52:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/06/13 22:50:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/06/13 22:50:29 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/06/12 17:41:19 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/06/12 17:41:19 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/06/12 17:41:15 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/06/12 17:41:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/06/12 17:41:11 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/06/12 17:40:54 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/06/12 17:40:54 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/06/12 17:40:53 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/06/12 17:40:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/06/12 17:40:44 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/06/12 17:40:44 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/06/04 23:54:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Auto-Joiner
[2013/06/03 00:42:31 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\sketch_130602c
[2013/06/02 18:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\sketch_130601a
[2013/06/01 00:19:45 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III Reign of Chaos & The Frozen Throne
[2013/05/24 13:31:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/05/17 20:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup 3.0
[2013/05/17 20:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup 3.0
[2013/05/17 20:15:19 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Programs
[2013/05/16 21:03:52 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\VirtualStore
[2013/05/15 13:41:41 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 13:41:31 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/05/15 13:41:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/05/15 13:41:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/05/15 13:41:29 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/05/15 13:40:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013/05/13 00:33:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2013/05/13 00:33:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2013/05/13 00:33:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2013/05/13 00:33:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2013/05/13 00:33:00 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_7.dll
[2013/05/13 00:33:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_7.dll
[2013/05/13 00:32:58 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2013/05/13 00:32:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2013/05/13 00:32:57 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_43.dll
[2013/05/13 00:32:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2013/05/13 00:32:55 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2013/05/13 00:32:55 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2013/05/13 00:32:54 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_43.dll
[2013/05/13 00:32:54 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_43.dll
[2013/05/13 00:32:53 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_43.dll
[2013/05/13 00:32:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2013/05/13 00:32:51 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2013/05/13 00:32:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2013/05/13 00:32:51 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2013/05/13 00:32:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2013/05/13 00:32:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2013/05/13 00:32:50 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2013/05/13 00:32:49 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2013/05/13 00:32:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2013/05/13 00:32:47 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2013/05/13 00:32:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2013/05/13 00:32:46 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2013/05/13 00:32:44 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2013/05/13 00:32:44 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2013/05/13 00:32:42 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2013/05/13 00:32:42 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2013/05/13 00:32:41 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2013/05/13 00:32:41 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2013/05/13 00:32:39 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2013/05/13 00:32:39 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2013/05/13 00:32:36 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2013/05/13 00:32:36 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2013/05/13 00:32:34 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2013/05/13 00:32:34 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2013/05/13 00:32:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2013/05/13 00:32:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2013/05/13 00:32:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2013/05/13 00:32:30 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2013/05/13 00:32:30 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2013/05/13 00:32:29 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2013/05/13 00:32:29 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2013/05/13 00:32:27 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2013/05/13 00:32:27 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2013/05/13 00:32:27 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2013/05/13 00:32:27 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2013/05/13 00:32:24 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2013/05/13 00:32:24 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2013/05/13 00:32:23 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2013/05/13 00:32:23 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2013/05/13 00:32:23 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2013/05/13 00:32:23 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2013/05/13 00:32:21 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2013/05/13 00:32:21 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2013/05/13 00:32:21 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2013/05/13 00:32:21 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2013/05/13 00:32:19 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2013/05/13 00:32:19 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2013/05/13 00:32:19 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2013/05/13 00:32:19 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2013/05/13 00:32:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2013/05/13 00:32:18 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2013/05/13 00:32:15 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2013/05/13 00:32:15 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2013/05/13 00:32:15 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2013/05/13 00:32:15 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2013/05/13 00:32:13 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2013/05/13 00:32:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2013/05/13 00:32:12 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2013/05/13 00:32:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2013/05/13 00:32:11 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2013/05/13 00:32:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2013/05/13 00:32:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2013/05/13 00:32:10 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2013/05/13 00:32:09 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2013/05/13 00:32:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2013/05/13 00:32:07 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2013/05/13 00:32:07 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2013/05/13 00:32:07 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2013/05/13 00:32:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2013/05/13 00:32:05 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2013/05/13 00:32:05 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2013/05/13 00:32:03 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2013/05/13 00:32:03 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2013/05/13 00:32:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2013/05/13 00:32:02 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2013/05/13 00:32:01 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2013/05/13 00:32:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2013/05/13 00:31:59 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2013/05/13 00:31:59 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2013/05/13 00:31:59 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2013/05/13 00:31:59 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2013/05/13 00:31:56 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2013/05/13 00:31:56 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2013/05/13 00:31:55 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2013/05/13 00:31:55 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2013/05/13 00:31:52 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2013/05/13 00:31:52 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2013/05/13 00:31:52 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2013/05/13 00:31:52 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2013/05/13 00:31:49 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2013/05/13 00:31:49 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2013/05/13 00:31:47 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2013/05/13 00:31:47 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2013/05/13 00:31:46 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2013/05/13 00:31:46 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2013/05/13 00:31:45 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2013/05/13 00:31:45 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2013/05/13 00:31:42 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2013/05/13 00:31:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2013/05/13 00:31:40 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2013/05/13 00:31:40 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2013/05/13 00:31:40 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2013/05/13 00:31:40 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2013/05/13 00:31:37 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2013/05/13 00:31:37 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2013/05/13 00:31:37 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2013/05/13 00:31:37 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2013/05/13 00:31:34 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2013/05/13 00:31:34 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2013/05/13 00:31:34 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2013/05/13 00:31:34 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2013/05/13 00:31:32 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2013/05/13 00:31:32 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2013/05/13 00:31:30 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2013/05/13 00:31:30 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2013/05/13 00:31:29 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2013/05/13 00:31:29 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2013/05/13 00:31:26 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2013/05/13 00:31:26 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2013/05/13 00:31:24 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2013/05/13 00:31:24 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2013/05/13 00:31:22 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2013/05/13 00:31:22 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2013/05/13 00:31:21 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2013/05/13 00:31:21 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2013/05/13 00:31:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2013/05/13 00:31:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2013/05/13 00:31:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2013/05/13 00:31:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2013/05/13 00:31:13 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2013/05/13 00:31:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013/05/13 00:31:11 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2013/05/13 00:31:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2013/05/13 00:31:09 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2013/05/13 00:31:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2013/05/13 00:31:07 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2013/05/13 00:31:07 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2013/05/13 00:31:06 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2013/05/13 00:31:06 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2013/05/13 00:31:03 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2013/05/13 00:31:03 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2013/05/13 00:30:41 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2013/05/13 00:30:41 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2013/05/13 00:30:39 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2013/05/13 00:30:39 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2013/05/13 00:30:39 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2013/05/13 00:30:39 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2013/05/13 00:30:36 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2013/05/13 00:30:36 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2013/05/13 00:30:34 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2013/05/13 00:30:34 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2013/05/13 00:30:31 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2013/05/13 00:30:31 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2013/05/13 00:30:29 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2013/05/13 00:30:29 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2013/05/13 00:30:27 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2013/05/13 00:30:27 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2013/05/13 00:30:24 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2013/05/13 00:30:24 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2013/05/12 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/05/10 00:26:56 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\SUPERAntiSpyware.com
[2013/05/02 12:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/05/02 12:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/01 17:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/01 17:46:07 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/01 17:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/27 22:11:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Bluetooth
[2013/04/26 22:17:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\ActiveU0
[2013/04/16 00:37:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/04/10 19:39:05 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/04/10 19:39:03 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/04/10 19:39:03 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013/04/10 19:39:03 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013/04/10 19:39:03 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013/04/10 19:39:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013/04/10 19:28:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/04/10 19:28:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/04/10 19:28:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/04/09 00:39:47 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\WinRAR
[2013/04/09 00:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/04/09 00:39:46 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/04/09 00:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/04/01 14:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/04/01 14:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/03/31 13:30:43 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/31 13:30:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/31 13:30:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/03/31 13:30:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/03/31 13:30:43 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/31 13:30:43 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/03/31 13:30:43 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/03/31 13:30:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/03/31 13:30:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/03/31 13:30:43 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/31 13:30:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/03/31 13:30:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/03/31 13:30:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/03/31 13:30:43 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/03/31 13:30:43 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/31 13:30:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/31 13:30:43 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/03/31 13:30:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/03/31 13:30:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/03/31 13:30:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/03/31 13:30:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/31 13:30:43 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/03/31 13:30:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/03/31 13:30:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/03/31 13:30:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/03/31 13:30:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/03/31 13:30:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/03/31 13:30:43 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/31 13:30:43 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/03/31 13:30:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/03/31 13:30:43 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/03/31 13:30:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/03/31 13:30:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/03/31 13:30:43 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/03/31 13:30:43 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/31 13:30:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/03/31 13:30:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/03/31 13:30:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/03/31 13:30:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/31 13:30:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/03/31 13:30:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/03/31 13:30:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/03/31 13:30:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/03/31 13:30:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/03/31 13:30:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/03/31 13:30:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/03/31 13:30:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/03/31 13:30:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/03/31 13:30:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/03/31 13:30:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/03/31 13:30:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/03/31 13:30:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/03/31 13:30:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/03/27 13:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Minitab
[2013/03/27 13:32:54 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\SysNative\drivers\aksdf.sys
[2013/03/27 13:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared
[2013/03/27 13:32:51 | 003,750,400 | ---- | C] (SafeNet Inc.) -- C:\windows\SysNative\hasplms.exe
[2013/03/27 13:32:50 | 000,130,816 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\SysNative\drivers\aksfridge.sys
[2013/03/27 13:32:23 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\SysNative\drivers\hardlock.sys
[2013/03/27 13:30:07 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2013/03/18 21:32:56 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023x.sys
[2013/03/18 21:32:56 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/15 01:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/15 01:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/15 01:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 20:57:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Driving
[2013/03/12 13:21:11 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/03/05 15:50:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Processing
[2013/03/05 15:50:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Processing
[2013/03/05 15:45:30 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\CrashDumps
[2013/03/05 15:21:36 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Dem127
[2013/03/05 11:51:00 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Comp115
[2013/02/28 18:15:36 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Diagnostics
[2013/02/28 00:17:46 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/02/28 00:17:45 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/02/28 00:17:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/02/28 00:17:45 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/02/28 00:17:43 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/02/28 00:17:43 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/02/28 00:17:42 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/02/28 00:17:42 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/02/28 00:17:42 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/02/28 00:17:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/28 00:17:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/28 00:17:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/28 00:17:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/28 00:17:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/28 00:17:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/28 00:17:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/28 00:17:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/28 00:17:41 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/02/28 00:17:41 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/02/28 00:17:41 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/02/28 00:17:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/02/28 00:17:41 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/02/28 00:17:41 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/02/28 00:17:41 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/02/28 00:17:41 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/02/28 00:17:41 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/02/28 00:17:41 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/02/28 00:17:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/28 00:17:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/28 00:17:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/28 00:17:41 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/28 00:17:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/28 00:17:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/28 00:17:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/28 00:17:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/28 00:17:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/28 00:17:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 22:03:45 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\My Received Files
[2013/02/26 17:51:11 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Skype
[2013/02/26 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Windows Live
 
========== Files - Modified Within 180 Days ==========
 
[2013/08/24 17:44:34 | 000,002,294 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/24 17:44:34 | 000,001,452 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/24 17:39:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.scr
[2013/08/24 17:11:04 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/24 17:01:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/24 12:22:18 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/24 12:22:18 | 000,630,590 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/24 12:22:18 | 000,111,732 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/24 12:21:32 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/24 12:21:32 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/24 12:14:52 | 000,000,374 | ---- | M] () -- C:\windows\tasks\Lyrics-Fan Update.job
[2013/08/24 12:14:41 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/08/24 12:14:40 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/24 12:13:46 | 3182,927,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/24 12:11:19 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/08/21 18:17:34 | 756,084,345 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/08/19 17:18:23 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/19 03:05:56 | 000,057,488 | ---- | M] () -- C:\Users\Jeremy\Desktop\ObjectOrientedModel_2.oom
[2013/08/19 03:05:56 | 000,000,642 | ---- | M] () -- C:\Users\Jeremy\Documents\Workspace.sws
[2013/08/19 03:05:25 | 000,001,273 | ---- | M] () -- C:\Users\Jeremy\Documents\Full Object Report.html
[2013/08/18 21:26:33 | 000,000,589 | ---- | M] () -- C:\Users\Jeremy\Desktop\eclipse - Shortcut.lnk
[2013/08/18 21:19:32 | 003,146,648 | ---- | M] () -- C:\Users\Jeremy\Desktop\AGLC3.pdf
[2013/08/18 12:21:36 | 000,002,442 | ---- | M] () -- C:\windows\Sandboxie.ini
[2013/08/18 12:19:39 | 000,416,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/08/18 12:17:41 | 001,845,232 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB
[2013/08/10 22:41:09 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013/08/10 22:41:06 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013/08/10 22:41:06 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013/08/10 22:41:05 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013/08/10 22:41:03 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013/08/10 22:41:03 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013/08/07 10:29:53 | 000,120,388 | ---- | M] () -- C:\Users\Jeremy\Desktop\Unit_Guide_2013_COMP125_S2 Day.pdf
[2013/08/05 16:13:22 | 000,007,602 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
[2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/25 22:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/25 22:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/25 22:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/25 22:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/07/25 22:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/07/25 22:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/07/25 22:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/07/25 20:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/25 20:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/07/25 20:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/07/25 20:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/07/25 20:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/07/25 19:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 18:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 02:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/25 01:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/17 17:26:06 | 000,000,907 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/07/14 21:48:22 | 000,001,004 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2013/07/08 23:03:30 | 005,550,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/07/08 22:54:22 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/07/08 22:53:12 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/07/08 22:52:52 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/07/08 22:51:16 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/07/08 22:46:20 | 001,472,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/07/08 22:46:20 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/07/08 22:03:34 | 003,968,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/07/08 22:03:34 | 003,913,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/07/08 21:52:33 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/07/08 19:49:42 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/07/08 19:49:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/07/08 19:49:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/07/08 19:49:38 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/07/07 12:13:07 | 000,000,000 | ---- | M] () -- C:\Users\Jeremy\chrome.exe
[2013/07/07 12:13:06 | 000,000,000 | ---- | M] () -- C:\Users\Jeremy\msconfig.exe
[2013/06/07 00:40:08 | 000,001,425 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk
[2013/06/03 23:00:13 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/06/03 21:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/06/01 18:17:11 | 000,045,270 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\room_v3.dat
[2013/05/29 17:30:35 | 002,554,270 | ---- | M] () -- C:\Users\Jeremy\Desktop\Inferno PDF.pdf
[2013/05/29 17:29:03 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/29 17:29:03 | 000,000,845 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/05/12 22:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/05/12 20:43:55 | 001,192,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/05/12 20:08:10 | 000,903,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/05/12 20:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/05/09 22:49:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/05/09 20:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/05/02 12:38:48 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/04/30 12:02:29 | 000,001,395 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/04/29 14:02:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/04/29 14:02:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/26 22:18:07 | 000,000,000 | ---- | M] () -- C:\ProgramData\2Pi1V0s.dat
[2013/04/26 22:17:53 | 000,000,001 | ---- | M] () -- C:\ProgramData\FQD5nk06.exe_.b
[2013/04/26 22:17:53 | 000,000,001 | ---- | M] () -- C:\ProgramData\FQD5nk06.exe.b
[2013/04/25 22:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/04/25 21:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/04/25 16:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/04/16 23:24:46 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/04/09 23:01:54 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/04/02 15:51:57 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/03/31 15:52:16 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/03/31 13:30:43 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/31 13:30:43 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/31 13:30:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/03/31 13:30:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/03/31 13:30:43 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/31 13:30:43 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/03/31 13:30:43 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/03/31 13:30:43 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/03/31 13:30:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/03/31 13:30:43 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/31 13:30:43 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/03/31 13:30:43 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/03/31 13:30:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/03/31 13:30:43 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/03/31 13:30:43 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/31 13:30:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/31 13:30:43 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/03/31 13:30:43 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/03/31 13:30:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/03/31 13:30:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/03/31 13:30:43 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/31 13:30:43 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/03/31 13:30:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/03/31 13:30:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/03/31 13:30:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/03/31 13:30:43 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/03/31 13:30:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/03/31 13:30:43 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/31 13:30:43 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/03/31 13:30:43 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/03/31 13:30:43 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/03/31 13:30:43 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/03/31 13:30:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/03/31 13:30:43 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/03/31 13:30:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/31 13:30:43 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/03/31 13:30:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/03/31 13:30:43 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/03/31 13:30:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/31 13:30:43 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/03/31 13:30:43 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/03/31 13:30:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/03/31 13:30:43 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/03/31 13:30:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/03/31 13:30:43 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/03/31 13:30:43 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/03/31 13:30:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/03/31 13:30:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/03/31 13:30:43 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/03/31 13:30:43 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/31 13:30:43 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/03/31 13:30:43 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/03/31 13:30:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/03/31 13:30:43 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/03/31 13:30:43 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/03/18 22:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013/03/18 22:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/03/18 21:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/03/18 20:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/02/27 23:13:26 | 007,975,631 | ---- | M] () -- C:\Users\Jeremy\Desktop\Learning Processing - A Beginners Guide To Programming Images, Animation & Interaction.pdf
[2013/02/26 23:02:44 | 000,111,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/02/26 22:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/02/26 22:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/02/26 21:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
 
========== Files Created - No Company Name ==========
 
[2013/08/19 17:18:23 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/19 03:00:01 | 000,000,642 | ---- | C] () -- C:\Users\Jeremy\Documents\Workspace.sws
[2013/08/19 02:59:59 | 000,057,488 | ---- | C] () -- C:\Users\Jeremy\Desktop\ObjectOrientedModel_2.oom
[2013/08/19 02:55:27 | 000,001,273 | ---- | C] () -- C:\Users\Jeremy\Documents\Full Object Report.html
[2013/08/18 22:29:48 | 000,000,374 | ---- | C] () -- C:\windows\tasks\Lyrics-Fan Update.job
[2013/08/18 21:26:33 | 000,000,589 | ---- | C] () -- C:\Users\Jeremy\Desktop\eclipse - Shortcut.lnk
[2013/08/18 21:19:26 | 003,146,648 | ---- | C] () -- C:\Users\Jeremy\Desktop\AGLC3.pdf
[2013/08/07 10:29:53 | 000,120,388 | ---- | C] () -- C:\Users\Jeremy\Desktop\Unit_Guide_2013_COMP125_S2 Day.pdf
[2013/07/17 17:26:24 | 000,000,907 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/07/17 17:26:22 | 000,002,442 | ---- | C] () -- C:\windows\Sandboxie.ini
[2013/07/14 21:45:22 | 000,001,004 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2013/07/07 12:13:07 | 000,000,000 | ---- | C] () -- C:\Users\Jeremy\chrome.exe
[2013/07/07 12:13:06 | 000,000,000 | ---- | C] () -- C:\Users\Jeremy\msconfig.exe
[2013/06/13 22:52:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/06/13 22:52:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/06/13 22:52:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/06/13 22:52:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/06/13 22:52:13 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/06/01 18:17:11 | 000,045,270 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\room_v3.dat
[2013/05/29 17:29:59 | 002,554,270 | ---- | C] () -- C:\Users\Jeremy\Desktop\Inferno PDF.pdf
[2013/05/29 17:29:03 | 000,000,845 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/05/29 17:29:02 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/16 21:51:46 | 000,007,602 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
[2013/05/12 21:18:25 | 000,002,309 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/05/02 12:38:48 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/05/02 12:38:41 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/04/26 22:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\2Pi1V0s.dat
[2013/04/26 22:17:53 | 000,000,001 | ---- | C] () -- C:\ProgramData\FQD5nk06.exe_.b
[2013/04/26 22:17:53 | 000,000,001 | ---- | C] () -- C:\ProgramData\FQD5nk06.exe.b
[2013/04/23 18:52:40 | 000,001,425 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk
[2013/03/31 13:30:43 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/31 13:30:43 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/03/12 13:21:00 | 756,084,345 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/02/28 00:08:53 | 007,975,631 | ---- | C] () -- C:\Users\Jeremy\Desktop\Learning Processing - A Beginners Guide To Programming Images, Animation & Interaction.pdf
[2012/11/10 08:49:10 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2012/11/10 07:59:39 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/11/10 07:55:25 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/11/10 07:53:11 | 000,028,528 | ---- | C] () -- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
[2012/11/10 07:47:41 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/11/10 07:45:39 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/11/10 07:45:39 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/11/10 07:45:39 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/02/02 23:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012/01/20 05:49:58 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2012/01/20 05:49:48 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/06/04 23:54:44 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Auto-Joiner
[2013/08/19 21:37:58 | 000,000,000 | -HSD | M] -- C:\Users\Jeremy\AppData\Roaming\diuggivu
[2013/08/18 22:29:51 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\eIntaller
[2013/08/19 00:34:53 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\PowerDesigner
[2013/06/03 17:20:04 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Processing
[2013/02/21 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Toshiba
[2013/08/19 21:33:07 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/04/10 13:42:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/08/24 12:13:46 | 3182,927,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/24 12:13:50 | 4243,906,560 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/25 23:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396 [2013/07/25 20:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/07/25 23:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE HTTP://WWW.QVO6.COM/?UTM_SOURCE=B&UTM_MEDIUM=COR&FROM=COR&UID=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&TS=1376890396 [2013/07/25 20:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation)

< End of report >


OTL Extras logfile created on: 24/08/2013 5:48:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jeremy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
3.95 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 23.25% Memory free
7.90 Gb Paging File | 3.59 Gb Available in Paging File | 45.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.30 Gb Total Space | 514.31 Gb Free Space | 88.48% Space Free | Partition Type: NTFS
 
Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0229937B-0D89-44FE-900F-3039A3C0866A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{135309B0-3E2F-4420-AC7C-ECF236DF6478}" = protocol=6 | dir=in | app=c:\users\jeremy\appdata\roaming\utorrent\utorrent.exe |
"{1F08000B-2A14-49D9-B917-832C4D836B99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{348CE06D-1161-4F72-B47A-B04A6D0D172A}" = protocol=17 | dir=in | app=c:\users\jeremy\appdata\roaming\utorrent\utorrent.exe |
"{363D4790-7FE8-4F0C-8042-8B3A5C8FB8EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4BEBE92E-311D-433C-B352-AED0C4B6616C}" = dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"{5A16BB7A-D0A6-4863-8823-48C1E35E01D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{5FA82C80-B8B2-422F-AD07-65046317CA5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{91B53F7C-3E9D-4DB0-A8C5-CBA0B68233D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{938FC502-C2B2-4AA7-9764-0F2C67A381CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steam.exe |
"{A0D811CD-46BC-4A88-97F1-FD3CB035A713}" = protocol=17 | dir=in | app=c:\users\jeremy\appdata\local\temp\7zse3.tmp\symnrt.exe |
"{ADABDF15-F3FE-4462-AA99-B01C71080A90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steam.exe |
"{BD901EC1-D619-49A0-813D-15AFE9FD6DD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\dota 2 beta\dota.exe |
"{BE5F319C-FBC3-4FDB-8250-814EE840045E}" = protocol=6 | dir=in | app=c:\users\jeremy\appdata\local\temp\7zse3.tmp\symnrt.exe |
"{C647CD7D-6F3F-4270-B94F-FA6BEC651DBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\dota 2 beta\dota.exe |
"{E2CF12B1-8838-4957-A941-195349E157A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{FAA154E9-44E6-417F-A5B5-99772B21FAF4}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"TCP Query User{01F98642-657F-4E92-B268-6641E661F340}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{4BDFD5FD-A8AE-4AF0-8527-30B6269D6ADC}C:\users\jeremy\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jeremy\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{4F47D7C3-0226-45DC-88DE-23D254C61782}C:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe |
"TCP Query User{58780A28-8D83-4E9D-82A1-0C047A4A08CB}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{5FEBD7B3-3CFA-47B9-8675-E464BDF919A6}C:\users\jeremy\appdata\roaming\wykecy\buzy.exe" = protocol=6 | dir=in | app=c:\users\jeremy\appdata\roaming\wykecy\buzy.exe |
"TCP Query User{651B4D55-E08D-431D-93D9-57B8275E6AD0}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{6609DC13-AB1A-4154-BED7-FF4421F754B7}C:\users\jeremy\appdata\roaming\odahe\yzid.exe" = protocol=6 | dir=in | app=c:\users\jeremy\appdata\roaming\odahe\yzid.exe |
"TCP Query User{7623265B-07D7-4CD5-8645-EF2C7526D1DD}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{BFD2E61E-A928-4BC6-9537-41E9CE2479B6}C:\users\jeremy\appdata\roaming\wykecy\buzy.exe" = protocol=6 | dir=in | app=c:\users\jeremy\appdata\roaming\wykecy\buzy.exe |
"TCP Query User{EFC68F91-E3E8-4522-B828-8B8801A5C42F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{FCDF0D18-85A2-4556-9766-8E8D35C42F35}C:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe |
"UDP Query User{5297BE70-845E-47B6-8540-B583CD2FC7C2}C:\users\jeremy\appdata\roaming\odahe\yzid.exe" = protocol=17 | dir=in | app=c:\users\jeremy\appdata\roaming\odahe\yzid.exe |
"UDP Query User{5360CBC1-AA49-48E1-A6C9-8FDF0758CD6E}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{5B14CBD2-BF18-49E3-828E-AAEDE39F8C49}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{62EF2863-10E9-45EB-B746-ADA84F52B748}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{75E905E4-8010-4DAF-93AC-2E27CB0BED1C}C:\users\jeremy\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jeremy\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{86E03DEB-2C1C-46E7-85B5-05BC858560E7}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{8A2EE338-4755-4A25-B245-61C7EE746EA1}C:\users\jeremy\appdata\roaming\wykecy\buzy.exe" = protocol=17 | dir=in | app=c:\users\jeremy\appdata\roaming\wykecy\buzy.exe |
"UDP Query User{9C657CA4-CF7E-470B-A2B0-BCC6327C491B}C:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe |
"UDP Query User{ACADEE76-1121-4962-B31B-A5D39C7343D9}C:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe |
"UDP Query User{ADEACEFC-EEA9-4FFE-BDDD-4550C4C5AF96}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{D74393DC-4528-4D1F-A42B-93F3F371CAB2}C:\users\jeremy\appdata\roaming\wykecy\buzy.exe" = protocol=17 | dir=in | app=c:\users\jeremy\appdata\roaming\wykecy\buzy.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC12C41-9B5B-AEF9-0A63-EE2AA19FBFB8}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170250}" = Java SE Development Kit 7 Update 25 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}" = TOSHIBA Peak Shift Control
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}" = TOSHIBA Audio Enhancement
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F856881A-D370-B1A7-2AFF-128F4AA93558}" = AMD Catalyst Install Manager
"EA90D42054890B3938D0BEF1E8A316D20C6D6003" = Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Sandboxie" = Sandboxie 4.04 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AB6726B-2C04-75E6-D30A-AA8C0E26E46A}" = CCC Help Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B341C66-33EB-BAF0-6138-38AD1A502527}" = Catalyst Control Center
"{1D74451F-B220-E2E4-7FCD-520AA66F1A85}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FAB6902-546D-9060-D0C8-4B502160AA06}" = CCC Help English
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C14B193-A623-7DAA-9660-BB1EBF870D6B}" = Catalyst Control Center InstallProxy
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2CC1453B-3385-F6FF-735F-F3BA36758715}" = CCC Help Swedish
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{3253D3E5-C08E-E22B-BA99-DE88F520CBB3}" = CCC Help Korean
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D516940-6675-41C1-E3DA-E3D358A7C207}" = CCC Help Italian
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52B05867-9440-98ED-617B-6C05ACD1E457}" = Catalyst Control Center Graphics Previews Common
"{571F7B9B-96B8-E1B8-E198-0458BF5F80C4}" = CCC Help Hungarian
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{7540EB6A-FE9B-4EE2-37D9-A88DC87AA9E6}" = CCC Help Turkish
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding
"{7D263751-40FB-D719-9F42-B62B67553D6F}" = CCC Help Chinese Traditional
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8220FCF2-A57F-4236-BFCC-C6C2268E851E}" = RtkClassFilter
"{82EE309C-B63C-1AAA-79AB-8A5E5986B687}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931991F4-99D4-95A6-1235-EAA599884AC6}" = CCC Help Danish
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{990B884F-569C-5078-DD76-8BE91A569291}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E77F8EF-588E-D11B-697F-5514B97779DF}" = CCC Help Greek
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1E6446-8D82-45B4-B409-4034D6A446DC}" = Sybase PowerDesigner 16.1
"{AB34574F-AC24-AAB7-066E-680256DD91E9}" = Catalyst Control Center Localization All
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B740C369-EA8D-2FDB-4265-CB70DD08095D}" = CCC Help Spanish
"{B9818C90-560C-8DC7-E254-38323B9A41EA}" = CCC Help Polish
"{BD37CF23-3458-BFD1-7583-F8FFC37561F2}" = CCC Help Czech
"{BF34B28A-4D50-439A-6B6B-13EA41235E43}" = CCC Help German
"{C2471823-76DB-B529-F037-8D02CAC5DE5E}" = CCC Help Dutch
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAE76FE1-BD65-3251-1B6F-6B519A661A1F}" = CCC Help Finnish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7809829-3AC8-FBFA-2001-0D9BEBE51386}" = CCC Help Portuguese
"{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}" = TOSHIBA ConfigFree
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F79997CC-F030-93C6-7882-92DC241D7C07}" = CCC Help Thai
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3E16F2-D838-7B5F-A31E-2D55757D18E7}" = CCC Help French
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{8220FCF2-A57F-4236-BFCC-C6C2268E851E}" = RtkClassFilter
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Norton PC Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Steam App 570" = Dota 2
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WTA-39e5df5a-7867-4505-8445-0e2cd323e7a2" = Plants vs. Zombies - Game of the Year
"WTA-95323914-d189-469e-ba8e-8523cfcad391" = Zuma's Revenge
"WTA-ddaf7959-615d-4dfc-be1b-ba48a2b85dfc" = Bejeweled 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet" = Applet
 
< End of report >
 



#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:03 AM

Posted 24 August 2013 - 11:21 AM

Hi ninjapanda

Did you follow 'Step 1' in my previous post?
 

Step 1

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Delete button.
  • When finished... click on the 'Hosts' tab (near the center), then click on Fix Hosts (right-hand side)
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

The Otl report would suggest that Step 1 wasn't completed.



#11 ninjapanda

ninjapanda
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 25 August 2013 - 09:35 AM

yep I did. forgot to post it but I deleted the log... sorry :(



#12 Starbuck


Posted 25 August 2013 - 10:44 AM

Hi ninjapanda

Step 1
If the OTL fix freezes, you will have to remove MBAM and then run the OTL fix again.
This is a known problem on some systems (but not all).
MBAM can be reinstalled once the fix has finished.


Double click on OTL to run it.
Copy the lines in the codebox below (make sure that :Otl is on the first line and that you include all of the Commands section).
:otl
PRC -  File not found
O1 - Hosts: 212.59.28.228 www.google-analytics.com.
O1 - Hosts: 212.59.28.228 ad-emea.doubleclick.net.
O1 - Hosts: 212.59.28.228 www.statcounter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [WMI] C:\AMD\lsass\WMI.vbe ()
O4 - Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk =  File not found
O4 - Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk =  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/04/26 22:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\2Pi1V0s.dat
[2013/04/26 22:17:53 | 000,000,001 | ---- | C] () -- C:\ProgramData\FQD5nk06.exe_.b
[2013/04/26 22:17:53 | 000,000,001 | ---- | C] () -- C:\ProgramData\FQD5nk06.exe.b
[2013/04/26 22:17:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\ActiveU0

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the red Run Fix button.

  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 2
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Do not re-enable these drivers until otherwise instructed.


Step 3
If you still have a copy of Combofix on your system, please remove it now.
Right click on the Combofix icon and select delete.
Now we'll get a fresh copy:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2



CF_download_rename.gif

This is an example; you may rename ComboFix to anything you want. Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



    In your next reply, please submit:
    Otl fix report
    Combofix.txt


    Thanks.



#13 ninjapanda


Posted 27 August 2013 - 09:57 PM

The otl doesn't run properly. I ran it 5 times and even uninstalled MBAM, but it still doesn't work.. :(

 

Here's the ComboFix log...

 

ComboFix 13-08-27.02 - Jeremy 28/08/2013  12:33:52.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.4047.2279 [GMT -7:00]
Running from: c:\users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PG7L00AK\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\amd\lsass
c:\amd\lsass\api-example.c
c:\amd\lsass\api-example.php
c:\amd\lsass\api-example.py
c:\amd\lsass\bitstreams\COPYING_fpgaminer
c:\amd\lsass\bitstreams\COPYING_ztex
c:\amd\lsass\bitstreams\fpgaminer_top_fixed7_197MHz.ncd
c:\amd\lsass\bitstreams\ztex_ufm1_15b1.bit
c:\amd\lsass\bitstreams\ztex_ufm1_15d1.bit
c:\amd\lsass\bitstreams\ztex_ufm1_15d3.bit
c:\amd\lsass\bitstreams\ztex_ufm1_15d4.bin
c:\amd\lsass\bitstreams\ztex_ufm1_15d4.bit
c:\amd\lsass\bitstreams\ztex_ufm1_15y1.bin
c:\amd\lsass\bitstreams\ztex_ufm1_15y1.bit
c:\amd\lsass\diablo130302.cl
c:\amd\lsass\diakgcn121016.cl
c:\amd\lsass\example.conf
c:\amd\lsass\libcurl.dll
c:\amd\lsass\libeay32.dll
c:\amd\lsass\libidn-11.dll
c:\amd\lsass\librtmp.dll
c:\amd\lsass\libssh2.dll
c:\amd\lsass\libusb-1.0.dll
c:\amd\lsass\miner.php
c:\amd\lsass\phatk121016.cl
c:\amd\lsass\phatk121016Turksv2w128l4.bin
c:\amd\lsass\poclbm130302.cl
c:\amd\lsass\scrypt130511.cl
c:\amd\lsass\ssleay32.dll
c:\amd\lsass\WMI.vbe
c:\amd\lsass\zlib1.dll
c:\programdata\FQD5nk06.exe.b
c:\programdata\FQD5nk06.exe_.b
c:\users\Jeremy\chrome.exe
c:\users\Jeremy\msconfig.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-28  )))))))))))))))))))))))))))))))
.
.
2013-08-28 19:50 . 2013-08-28 19:50 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{556D2A4C-23A9-40D5-AA87-A0F98C5C5C02}\offreg.dll
2013-08-28 19:49 . 2013-08-28 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-28 19:16 . 2013-08-28 19:16 -------- d-----w- C:\_OTL
2013-08-28 03:11 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{556D2A4C-23A9-40D5-AA87-A0F98C5C5C02}\mpengine.dll
2013-08-27 18:56 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-25 00:33 . 2013-08-25 00:33 -------- d-----w- c:\windows\ERUNT
2013-08-24 04:18 . 2013-08-24 04:18 -------- d-----w- c:\programdata\Symantec
2013-08-23 22:24 . 2013-08-23 22:23 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA55FE49-E73C-4299-929F-DDB056D1E0C6}\gapaengine.dll
2013-08-20 00:21 . 2013-08-20 01:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-20 00:18 . 2013-08-20 00:18 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Malwarebytes
2013-08-20 00:18 . 2013-08-20 00:18 -------- d-----w- c:\programdata\Malwarebytes
2013-08-19 07:34 . 2013-08-19 07:34 -------- d-----w- c:\users\Jeremy\AppData\Roaming\PowerDesigner
2013-08-19 07:31 . 2011-12-12 11:24 260096 ------w- c:\windows\SysWow64\RICHTX32.OCX
2013-08-19 07:31 . 2011-12-12 11:24 140488 ------w- c:\windows\SysWow64\COMDLG32.OCX
2013-08-19 07:28 . 2013-08-19 07:56 -------- d-----w- c:\programdata\PowerDesigner 16
2013-08-19 07:28 . 2013-08-19 07:28 -------- d-----w- c:\program files (x86)\Sybase
2013-08-19 05:29 . 2013-08-19 05:29 -------- d-----w- c:\users\Jeremy\AppData\Roaming\eIntaller
2013-08-16 07:30 . 2013-08-16 07:30 -------- d-----w- c:\windows\system32\appmgmt
2013-08-15 01:18 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 01:18 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-15 01:18 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 01:18 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 01:18 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 01:18 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-15 01:18 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-15 01:18 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-15 01:18 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 01:18 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-11 05:44 . 2013-08-21 06:59 -------- d-----w- c:\users\Jeremy\workspace
2013-08-11 05:41 . 2013-08-11 05:41 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-11 05:41 . 2013-08-11 05:41 312232 ----a-w- c:\windows\system32\javaws.exe
2013-08-11 05:41 . 2013-08-11 05:41 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-11 05:41 . 2013-08-11 05:41 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-11 05:41 . 2013-08-11 05:41 189352 ----a-w- c:\windows\system32\javaw.exe
2013-08-11 05:41 . 2013-08-11 05:41 188840 ----a-w- c:\windows\system32\java.exe
2013-08-11 05:39 . 2013-08-11 05:40 -------- d-----w- c:\program files\Java
2013-08-08 16:39 . 2013-08-08 16:39 -------- d-----w- C:\47d7cb9f68a4c6c2d1beaf0e7d90cee3
2013-08-05 17:14 . 2013-08-25 06:50 -------- d-----w- c:\users\Jeremy\AppData\Local\ElevatedDiagnostics
2013-08-03 22:50 . 2013-08-28 19:48 -------- d-----w- C:\AMD
2013-08-01 00:33 . 2013-08-01 00:33 -------- d-----w- C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-17 18:42 . 2013-05-22 00:00 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-15 01:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-05 03:34 . 2013-07-10 20:46 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 20:47 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 20:47 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-05-09 18680424]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 759384]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-05-04 1110360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-22 22:11 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10 15:17]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10 15:17]
.
2013-08-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 21:41]
.
2013-08-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 21:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-GarenaPlus - c:\program files (x86)\Garena Plus\GarenaMessenger.exe
Wow6432Node-HKCU-Run-WMI - c:\amd\lsass\WMI.vbe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe
c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk - c:\program files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TPSCMain - c:\program files (x86)\TOSHIBA\PeakShift\TPSCMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-MagicDisc 2.7.106 - c:\progra~2\MAGICD~1\UNWISE.EXE
AddRemove-WildTangentGameProvider-toshiba-genres - c:\program files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-toshiba-main - c:\program files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WTA-39e5df5a-7867-4505-8445-0e2cd323e7a2 - c:\program files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe
AddRemove-WTA-95323914-d189-469e-ba8e-8523cfcad391 - c:\program files (x86)\TOSHIBA Games\Zumas Revenge\uninstall\uninstaller.exe
AddRemove-WTA-ddaf7959-615d-4dfc-be1b-ba48a2b85dfc - c:\program files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
AddRemove-{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba - c:\program files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3608466933-1211801341-3536693334-1000_Classes\CLSID\{0B555735-6CD7-7A48-A9DF-ADD9BC2DC170}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-08-28  12:56:04 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-28 19:56
.
Pre-Run: 552,281,272,320 bytes free
Post-Run: 553,591,693,312 bytes free
.
- - End Of File - - 0B0C3A02D8A4C60AF9F786C070C59928
 



#14 Starbuck

  • Malware Response Team

Posted 28 August 2013 - 11:06 AM

Hi ninjapanda
 

Running from: c:\users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PG7L00AK\ComboFix.exe

Please follow any instructions given for downloading the tools.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

As you can see from the report..... Combofix was run from the temp internet files and wasn't renamed.
You must click on Save and not Run, when downloading the tools.
If we needed to run a fix using Combofix, the fix wouldn't have worked with it being in the Temp Internet files.
Plus as soon as we clean out the temp folders.... Combofix will disappear.

Step 1
There may be a problem with Microsoft Security Essentials..... please try uninstalling it and download a fresh copy from:
MS Security Essentials

If you have problems uninstalling/reinstalling MSSE, let me know.


Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool
  • Vista/Win7 users should right click on the icon and select Run as Administrator.
  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    Thanks


Edited by Starbuck, 28 August 2013 - 11:07 AM.



#15 ninjapanda

  • Topic Starter

Posted 30 August 2013 - 10:26 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2013 01
Ran by Jeremy (administrator) on JEREMY-PC on 31-08-2013 13:24:36
Running from C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOC22ZJR
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Windows\System32\GFNEXSrv.exe
(AMD) C:\windows\system32\atieclxx.exe
(SafeNet Inc.) C:\windows\system32\hasplms.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] - C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18680424 2013-05-08] (Skype Technologies S.A.)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent [x]
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1110360 2010-05-03] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK6475GSX_82IAFZWJSXX82IAFZWJS&ts=1376890396
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (Gmail) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [okkbcpjgdooahcefofhjdpacngfecaaa] - C:\Program Files (x86)\Lyrics_Fan\128.crx

==================== Services (Whitelisted) =================

R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 hasplms; C:\windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-03] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe [126392 2011-09-13] (Symantec Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-05] (Realtek Microelectronics)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1082472 2012-01-16] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-28 12:56 - 2013-08-28 12:56 - 00019750 _____ C:\ComboFix.txt
2013-08-28 12:30 - 2013-08-28 12:30 - 00602112 _____ (OldTimer Tools) C:\Users\Jeremy\Desktop\OTL.scr
2013-08-28 12:20 - 2011-06-25 23:45 - 00256000 _____ C:\windows\PEV.exe
2013-08-28 12:20 - 2010-11-07 10:20 - 00208896 _____ C:\windows\MBR.exe
2013-08-28 12:20 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-08-28 12:20 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-08-28 12:20 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-08-28 12:20 - 2000-08-30 17:00 - 00098816 _____ C:\windows\sed.exe
2013-08-28 12:20 - 2000-08-30 17:00 - 00080412 _____ C:\windows\grep.exe
2013-08-28 12:20 - 2000-08-30 17:00 - 00068096 _____ C:\windows\zip.exe
2013-08-28 12:19 - 2013-08-28 12:56 - 00000000 ____D C:\Qoobox
2013-08-28 12:17 - 2013-08-28 12:17 - 00000474 _____ C:\Users\Jeremy\Desktop\defogger_disable.log
2013-08-28 12:17 - 2013-08-28 12:17 - 00000000 _____ C:\Users\Jeremy\defogger_reenable
2013-08-28 12:16 - 2013-08-28 12:16 - 00000000 ____D C:\_OTL
2013-08-24 17:33 - 2013-08-24 17:33 - 00000000 ____D C:\windows\ERUNT
2013-08-23 21:18 - 2013-08-23 21:18 - 00000000 ____D C:\ProgramData\Symantec
2013-08-21 18:18 - 2013-08-21 18:18 - 01588856 _____ C:\windows\Minidump\082113-53508-01.dmp
2013-08-20 23:44 - 2013-08-20 23:44 - 00002854 _____ C:\Users\Jeremy\Downloads\CSC.zip
2013-08-20 23:44 - 2013-08-20 23:44 - 00000000 ____D C:\Users\Jeremy\Downloads\CSC
2013-08-19 17:30 - 2013-08-25 22:36 - 00005248 _____ C:\Users\Jeremy\Documents\WordRqmErrors.log
2013-08-19 17:21 - 2013-08-19 18:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-19 17:18 - 2013-08-19 17:18 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Malwarebytes
2013-08-19 17:18 - 2013-08-19 17:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 03:00 - 2013-08-19 03:05 - 00000642 _____ C:\Users\Jeremy\Documents\Workspace.sws
2013-08-19 02:59 - 2013-08-19 03:05 - 00057488 _____ C:\Users\Jeremy\Desktop\ObjectOrientedModel_2.oom
2013-08-19 02:55 - 2013-08-19 03:05 - 00001273 _____ C:\Users\Jeremy\Documents\Full Object Report.html
2013-08-19 02:55 - 2013-08-19 02:55 - 00000000 ____D C:\Users\Jeremy\Documents\Full Object Report_files
2013-08-19 00:34 - 2013-08-19 00:34 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\PowerDesigner
2013-08-19 00:31 - 2011-12-12 04:24 - 00260096 ____N (Microsoft Corporation) C:\windows\SysWOW64\RICHTX32.OCX
2013-08-19 00:31 - 2011-12-12 04:24 - 00140488 ____N (Microsoft Corporation) C:\windows\SysWOW64\COMDLG32.OCX
2013-08-19 00:28 - 2013-08-19 00:56 - 00000000 ____D C:\ProgramData\PowerDesigner 16
2013-08-19 00:28 - 2013-08-19 00:28 - 00000000 ____D C:\Program Files (x86)\Sybase
2013-08-18 23:38 - 2013-08-18 23:38 - 353134605 _____ (Acresso Software Inc.                                        ) C:\Users\Jeremy\Downloads\PowerDesigner161_Evaluation.exe
2013-08-18 22:29 - 2013-08-18 22:29 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\eIntaller
2013-08-18 21:26 - 2013-08-18 21:26 - 00000589 _____ C:\Users\Jeremy\Desktop\eclipse - Shortcut.lnk
2013-08-18 02:18 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-18 02:18 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-18 02:18 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-18 02:18 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-18 02:18 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-18 02:18 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-18 02:18 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-18 02:18 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-18 02:18 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-18 02:18 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-18 02:18 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-18 02:18 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-18 02:18 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-18 02:18 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 00:30 - 2013-08-16 00:30 - 00000000 ____D C:\windows\system32\appmgmt
2013-08-14 18:18 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-14 18:18 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-14 18:18 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-14 18:18 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-14 18:18 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-14 18:18 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-14 18:18 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-14 18:18 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-14 18:18 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-14 18:18 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-14 18:17 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-14 18:17 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:17 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-14 18:17 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-14 18:17 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-14 18:17 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-14 18:17 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:17 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:17 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-14 18:17 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-14 18:17 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-14 18:17 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-14 18:17 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-14 18:17 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-14 18:17 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-14 18:17 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-14 18:17 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-10 23:29 - 2013-08-10 23:29 - 00000000 ____D C:\Users\Jeremy\Desktop\week2
2013-08-10 22:44 - 2013-08-20 23:59 - 00000000 ____D C:\Users\Jeremy\workspace
2013-08-10 22:41 - 2013-08-10 22:41 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-08-10 22:41 - 2013-08-10 22:41 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-08-10 22:41 - 2013-08-10 22:41 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-08-10 22:41 - 2013-08-10 22:41 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-08-10 22:41 - 2013-08-10 22:41 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-08-10 22:41 - 2013-08-10 22:41 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-08-10 22:39 - 2013-08-10 22:40 - 00000000 ____D C:\Program Files\Java
2013-08-10 22:18 - 2013-08-25 18:45 - 00000000 ____D C:\Users\Jeremy\Desktop\eclipse
2013-08-10 22:18 - 2013-08-10 22:18 - 00000000 ____D C:\Users\Jeremy\Downloads\eclipse-standard-kepler-R-win32-x86_64
2013-08-08 09:39 - 2013-08-08 09:39 - 00000000 ____D C:\47d7cb9f68a4c6c2d1beaf0e7d90cee3
2013-08-03 15:50 - 2013-08-28 12:48 - 00000000 ____D C:\AMD

==================== One Month Modified Files and Folders =======

2013-08-31 13:24 - 2013-08-31 13:24 - 00000000 ____D C:\FRST
2013-08-31 13:22 - 2012-11-10 08:17 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-31 13:22 - 2012-11-10 08:17 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-31 13:22 - 2012-11-10 07:42 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-08-31 13:22 - 2012-11-10 07:40 - 01884586 _____ C:\windows\WindowsUpdate.log
2013-08-31 13:21 - 2013-02-26 17:51 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Skype
2013-08-30 17:10 - 2009-07-13 21:51 - 00067846 _____ C:\windows\setupact.log
2013-08-29 16:32 - 2009-07-13 21:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 16:32 - 2009-07-13 21:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 16:31 - 2009-07-13 22:13 - 00726316 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-29 16:26 - 2013-07-17 17:26 - 00002490 _____ C:\windows\Sandboxie.ini
2013-08-29 16:26 - 2013-04-27 22:11 - 00000000 ____D C:\Users\Jeremy\Documents\Bluetooth
2013-08-29 16:26 - 2013-03-05 15:45 - 00000000 ____D C:\Users\Jeremy\AppData\Local\CrashDumps
2013-08-29 16:25 - 2012-11-10 07:42 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-08-29 16:25 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-28 12:56 - 2013-08-28 12:56 - 00019750 _____ C:\ComboFix.txt
2013-08-28 12:56 - 2013-08-28 12:19 - 00000000 ____D C:\Qoobox
2013-08-28 12:56 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2013-08-28 12:55 - 2013-02-21 17:34 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 12:54 - 2013-06-13 22:50 - 00000000 ____D C:\windows\erdnt
2013-08-28 12:51 - 2009-07-13 19:34 - 00000215 _____ C:\windows\system.ini
2013-08-28 12:50 - 2010-11-20 20:47 - 00127738 _____ C:\windows\PFRO.log
2013-08-28 12:48 - 2013-08-03 15:50 - 00000000 ____D C:\AMD
2013-08-28 12:48 - 2013-02-21 17:30 - 00000000 ____D C:\Users\Jeremy
2013-08-28 12:30 - 2013-08-28 12:30 - 00602112 _____ (OldTimer Tools) C:\Users\Jeremy\Desktop\OTL.scr
2013-08-28 12:17 - 2013-08-28 12:17 - 00000474 _____ C:\Users\Jeremy\Desktop\defogger_disable.log
2013-08-28 12:17 - 2013-08-28 12:17 - 00000000 _____ C:\Users\Jeremy\defogger_reenable
2013-08-28 12:16 - 2013-08-28 12:16 - 00000000 ____D C:\_OTL
2013-08-25 22:36 - 2013-08-19 17:30 - 00005248 _____ C:\Users\Jeremy\Documents\WordRqmErrors.log
2013-08-25 18:45 - 2013-08-10 22:18 - 00000000 ____D C:\Users\Jeremy\Desktop\eclipse
2013-08-24 17:44 - 2013-05-12 21:18 - 00002309 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-08-24 17:44 - 2013-02-21 17:34 - 00001428 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-24 17:33 - 2013-08-24 17:33 - 00000000 ____D C:\windows\ERUNT
2013-08-23 21:18 - 2013-08-23 21:18 - 00000000 ____D C:\ProgramData\Symantec
2013-08-23 21:13 - 2012-11-10 08:34 - 00000000 ____D C:\ProgramData\Norton
2013-08-23 21:13 - 2012-11-10 08:34 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-21 18:18 - 2013-08-21 18:18 - 01588856 _____ C:\windows\Minidump\082113-53508-01.dmp
2013-08-21 18:18 - 2013-03-12 13:21 - 00000000 ____D C:\windows\Minidump
2013-08-21 18:17 - 2013-03-12 13:21 - 756084345 _____ C:\windows\MEMORY.DMP
2013-08-20 23:59 - 2013-08-10 22:44 - 00000000 ____D C:\Users\Jeremy\workspace
2013-08-20 23:44 - 2013-08-20 23:44 - 00002854 _____ C:\Users\Jeremy\Downloads\CSC.zip
2013-08-20 23:44 - 2013-08-20 23:44 - 00000000 ____D C:\Users\Jeremy\Downloads\CSC
2013-08-19 21:37 - 2010-11-20 20:24 - 00000000 __SHD C:\Users\Jeremy\AppData\Roaming\diuggivu
2013-08-19 21:33 - 2013-02-21 18:06 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\uTorrent
2013-08-19 18:08 - 2013-08-19 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-19 17:18 - 2013-08-19 17:18 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Malwarebytes
2013-08-19 17:18 - 2013-08-19 17:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 03:05 - 2013-08-19 03:00 - 00000642 _____ C:\Users\Jeremy\Documents\Workspace.sws
2013-08-19 03:05 - 2013-08-19 02:59 - 00057488 _____ C:\Users\Jeremy\Desktop\ObjectOrientedModel_2.oom
2013-08-19 03:05 - 2013-08-19 02:55 - 00001273 _____ C:\Users\Jeremy\Documents\Full Object Report.html
2013-08-19 02:55 - 2013-08-19 02:55 - 00000000 ____D C:\Users\Jeremy\Documents\Full Object Report_files
2013-08-19 00:56 - 2013-08-19 00:28 - 00000000 ____D C:\ProgramData\PowerDesigner 16
2013-08-19 00:34 - 2013-08-19 00:34 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\PowerDesigner
2013-08-19 00:29 - 2012-04-09 22:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-19 00:28 - 2013-08-19 00:28 - 00000000 ____D C:\Program Files (x86)\Sybase
2013-08-18 23:38 - 2013-08-18 23:38 - 353134605 _____ (Acresso Software Inc.                                        ) C:\Users\Jeremy\Downloads\PowerDesigner161_Evaluation.exe
2013-08-18 22:29 - 2013-08-18 22:29 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\eIntaller
2013-08-18 21:26 - 2013-08-18 21:26 - 00000589 _____ C:\Users\Jeremy\Desktop\eclipse - Shortcut.lnk
2013-08-18 12:19 - 2009-07-13 21:45 - 00416688 _____ C:\windows\system32\FNTCACHE.DAT
2013-08-18 12:17 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-18 12:17 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-18 12:17 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-18 02:01 - 2013-03-15 01:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-18 02:01 - 2013-03-15 01:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-16 00:44 - 2013-07-14 22:39 - 00000000 ____D C:\Program Files (x86)\MagicISO
2013-08-16 00:30 - 2013-08-16 00:30 - 00000000 ____D C:\windows\system32\appmgmt
2013-08-10 23:29 - 2013-08-10 23:29 - 00000000 ____D C:\Users\Jeremy\Desktop\week2
2013-08-10 22:41 - 2013-08-10 22:41 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-08-10 22:41 - 2013-08-10 22:41 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-08-10 22:41 - 2013-08-10 22:41 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-08-10 22:41 - 2013-08-10 22:41 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-08-10 22:41 - 2013-08-10 22:41 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-08-10 22:41 - 2013-08-10 22:41 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-08-10 22:40 - 2013-08-10 22:39 - 00000000 ____D C:\Program Files\Java
2013-08-10 22:18 - 2013-08-10 22:18 - 00000000 ____D C:\Users\Jeremy\Downloads\eclipse-standard-kepler-R-win32-x86_64
2013-08-10 18:30 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-08-10 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-08-10 00:24 - 2013-02-24 00:22 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\vlc
2013-08-08 09:39 - 2013-08-08 09:39 - 00000000 ____D C:\47d7cb9f68a4c6c2d1beaf0e7d90cee3
2013-08-05 16:13 - 2013-05-16 21:51 - 00007602 _____ C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
2013-08-04 10:52 - 2013-05-16 21:03 - 00000000 ____D C:\Users\Jeremy\AppData\Local\VirtualStore

Files to move or delete:
====================
C:\ProgramData\2Pi1V0s.dat
C:\Users\Jeremy\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-13 02:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2013 01
Ran by Jeremy at 2013-08-31 13:25:42
Running from C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOC22ZJR
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
µTorrent (x32 Version: 3.3.0.29677)
7-Zip 9.20 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.3.300.257)
Adobe Reader X (10.1.6) MUI (x32 Version: 10.1.6)
AMD APP SDK Runtime (Version: 10.0.851.6)
AMD Catalyst Install Manager (Version: 3.0.859.0)
Applet (HKCU)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bluetooth Stack for Windows by Toshiba (Version: v9.00.00(T))
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.420.7502)
Catalyst Control Center InstallProxy (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Localization All (x32 Version: 2012.0120.420.7502)
CCC Help Chinese Standard (x32 Version: 2012.0120.0419.7502)
CCC Help Chinese Traditional (x32 Version: 2012.0120.0419.7502)
CCC Help Czech (x32 Version: 2012.0120.0419.7502)
CCC Help Danish (x32 Version: 2012.0120.0419.7502)
CCC Help Dutch (x32 Version: 2012.0120.0419.7502)
CCC Help English (x32 Version: 2012.0120.0419.7502)
CCC Help Finnish (x32 Version: 2012.0120.0419.7502)
CCC Help French (x32 Version: 2012.0120.0419.7502)
CCC Help German (x32 Version: 2012.0120.0419.7502)
CCC Help Greek (x32 Version: 2012.0120.0419.7502)
CCC Help Hungarian (x32 Version: 2012.0120.0419.7502)
CCC Help Italian (x32 Version: 2012.0120.0419.7502)
CCC Help Japanese (x32 Version: 2012.0120.0419.7502)
CCC Help Korean (x32 Version: 2012.0120.0419.7502)
CCC Help Norwegian (x32 Version: 2012.0120.0419.7502)
CCC Help Polish (x32 Version: 2012.0120.0419.7502)
CCC Help Portuguese (x32 Version: 2012.0120.0419.7502)
CCC Help Russian (x32 Version: 2012.0120.0419.7502)
CCC Help Spanish (x32 Version: 2012.0120.0419.7502)
CCC Help Swedish (x32 Version: 2012.0120.0419.7502)
CCC Help Thai (x32 Version: 2012.0120.0419.7502)
CCC Help Turkish (x32 Version: 2012.0120.0419.7502)
ccc-utility64 (Version: 2012.0120.420.7502)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dota 2 (x32)
dows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1) (Version: 12/02/2011 2.3.8.1)
Google Chrome (x32 Version: 29.0.1547.57)
Google Update Helper (x32 Version: 1.3.21.153)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel® Management Engine Components (x32 Version: 8.0.3.1427)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java Auto Updater (x32 Version: 2.0.6.1)
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250)
Java™ 6 Update 30 (x32 Version: 6.0.300)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
MagicDisc 2.7.106 (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Primary Interop Assemblies (x32 Version: 14.0.4763.1024)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Norton Online Backup (x32 Version: 2.1.17242)
Norton PC Checkup (x32 Version: 2.0.15.77)
Norton PC Checkup (x32 Version: 3.0.5.38.0)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6597)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30130)
Realtek WLAN Driver (x32 Version: 2.00.0016)
RtkClassFilter (x32 Version: 1.2.1.4)
Sandboxie 4.04 (64-bit) (Version: 4.04)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (x32 Version: 1.0.0)
Skype™ 6.3 (x32 Version: 6.3.107)
Steam (x32 Version: 1.0.0.0)
Sybase PowerDesigner 16.1 (x32 Version: 16.1.3701 EBF4)
Synaptics Pointing Device Driver (Version: 15.3.38.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
TOSHIBA Audio Enhancement (Version: 1.0.2.8)
TOSHIBA Bulletin Board (Version: 2.1.17.64)
TOSHIBA Bulletin Board (x32 Version: 2.1.17.64)
TOSHIBA ConfigFree (x32 Version: 8.0.43)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.10.64)
TOSHIBA Face Recognition (Version: 3.1.18.64)
TOSHIBA Face Recognition (x32 Version: 3.1.18.64)
TOSHIBA Hardware Setup (x32 Version: 2.00.0020)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.11)
TOSHIBA Media Controller (x32 Version: 1.0.87.5)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7)
TOSHIBA PC Health Monitor (Version: 1.7.15.64)
TOSHIBA Peak Shift Control (Version: 3.00.07.64)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2004)
TOSHIBA Service Station (x32 Version: 2.2.13)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (x32 Version: 2.00.0009)
TOSHIBA Value Added Package (Version: 1.6.0021.640203)
TOSHIBA Value Added Package (x32 Version: 1.6.0021.640203)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33)
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.5)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

18-08-2013 09:00:29 Windows Update
19-08-2013 07:29:08 Installed Sybase PowerDesigner 16.1
20-08-2013 03:36:17 Installed Steam
21-08-2013 20:49:35 Windows Update
25-08-2013 00:42:37 OTL Restore Point - 24/08/2013 5:42:34 PM
25-08-2013 00:50:14 OTL Restore Point - 24/08/2013 5:50:13 PM
25-08-2013 21:12:07 Windows Update
28-08-2013 19:20:09 ComboFix created restore point
29-08-2013 20:23:40 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-08-28 12:51 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0121C411-B35D-4AB9-A0C4-35709B80C147} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe No File
Task: {02B2C5FC-F16D-4996-9477-6FE2FCC73BFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {15A19FC5-3C9D-4928-963E-7A5DF6CF76E1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {17CE2896-F666-48D4-8F64-012676A0ED8C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {6723896D-59B1-406C-995F-B4D69BCCF676} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe No File
Task: {709E8212-EFA5-444D-A0B1-AE6AFCDC8432} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-24] (TOSHIBA CORPORATION)
Task: {A603E7FA-A11E-462C-A74D-C8C943FEB615} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {DA72721B-DEFF-424A-846B-77BF9FDFB5C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {E3F07C85-516A-4FB7-9235-D136D099647B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {F9294858-AC7B-412E-A7C8-F86C6F9B7DA4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe No File
Task: {FFD8730A-BADB-4DD3-818E-0C3140F4D098} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-11-10 07:45 - 2012-01-20 04:33 - 00042496 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiuxp64.dll
2012-11-10 07:45 - 2012-01-20 05:30 - 00933888 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\aticfx64.dll
2012-11-10 07:45 - 2012-01-20 05:08 - 07593472 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atidxx64.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00837632 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2012-01-20 05:08 - 2012-01-20 05:08 - 00004608 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2009-07-13 16:35 - 2009-07-13 18:41 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\RstrtMgr.DLL
2009-07-13 17:07 - 2009-07-13 18:41 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\xwizards.dll
2009-07-13 17:11 - 2009-07-13 18:41 - 00712192 _____ (Microsoft Corporation) C:\windows\system32\WLanConn.dll
2013-04-09 00:39 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) C:\Program Files (x86)\WinRAR\rarext64.dll
2013-07-14 22:39 - 2008-05-22 23:25 - 00043520 ____N (MagicISO, Inc.) C:\Program Files (x86)\MagicISO\misosh64.dll
2013-02-22 23:59 - 2012-07-04 15:16 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\NETAPI32.dll
2011-12-19 13:14 - 2011-12-19 13:14 - 00421648 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2011-12-19 13:14 - 2011-12-19 13:14 - 00229648 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2011-12-16 00:16 - 2011-12-16 00:16 - 00156608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll
2011-12-16 00:16 - 2011-12-16 00:16 - 00153024 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll
2011-12-16 00:16 - 2011-12-16 00:16 - 00309184 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll
2011-09-22 23:21 - 2011-09-22 23:21 - 00266688 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
2011-09-22 23:22 - 2011-09-22 23:22 - 00346048 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
2011-09-22 23:24 - 2011-09-22 23:24 - 00061376 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
2011-09-22 23:23 - 2011-09-22 23:23 - 00278480 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrBrightness.dll
2011-09-22 23:20 - 2011-09-22 23:20 - 00268224 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
2011-09-22 23:22 - 2011-09-22 23:22 - 00273856 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
2011-09-22 23:25 - 2011-09-22 23:25 - 00268224 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll
2011-09-22 23:22 - 2011-09-22 23:22 - 00266688 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll
2011-05-17 15:35 - 2011-05-17 15:35 - 00270784 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TScreen.dll
2011-12-13 22:55 - 2011-12-13 22:55 - 00112512 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
2011-12-13 22:55 - 2011-12-13 22:55 - 00268160 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
2011-08-22 16:19 - 2011-08-22 16:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00265016 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnPRTSC.dll
2011-08-08 17:58 - 2011-08-08 17:58 - 00185728 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
2011-07-21 21:43 - 2011-07-21 21:43 - 00299904 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\ButtonSupport\TBSMain.dll
2011-07-26 14:08 - 2011-07-26 14:08 - 00097664 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\Brightness.dll
2011-03-03 13:11 - 2011-03-03 13:11 - 00128928 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll
2011-01-18 13:55 - 2011-01-18 13:55 - 00114552 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\Touchpad.dll
2011-01-20 16:13 - 2011-01-20 16:13 - 00091000 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\Mute.dll
2011-04-06 13:01 - 2011-04-06 13:01 - 00381360 _____ (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
2011-11-16 14:15 - 2011-11-16 14:15 - 00080288 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll
2010-12-02 20:50 - 2010-12-02 20:50 - 00044920 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\SmoothView.dll
2008-07-14 11:35 - 2008-07-14 11:35 - 00107832 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2011-11-24 14:20 - 2011-11-24 14:20 - 00593856 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2011-11-24 14:20 - 2011-11-24 14:20 - 00089536 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHci.dll
2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-12-19 11:34 - 2011-12-19 11:34 - 00306176 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCReg.dll
2011-12-19 11:34 - 2011-12-19 11:34 - 00633344 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCCtl.dll
2011-01-19 17:00 - 2011-01-19 17:00 - 00118784 _____ () C:\Program Files\TOSHIBA\PeakShift\MUIHelp.dll
2011-12-19 11:33 - 2011-12-19 11:33 - 00262656 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCFunc.dll
2011-06-28 14:02 - 2011-06-28 14:02 - 03421104 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2011-06-28 11:30 - 2011-06-28 11:30 - 00067496 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\ReelTimeRemoteStorage.dll
2012-11-10 07:42 - 2012-11-10 07:42 - 00245760 _____ (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcm90.dll
2013-07-10 13:47 - 2013-04-23 15:56 - 09991832 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
2013-08-18 12:22 - 2013-08-18 12:22 - 15577088 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\88744044294787b99dd4a8704ab75a79\mscorlib.ni.dll
2009-07-13 13:37 - 2009-06-10 13:39 - 00085312 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll
2013-02-23 00:35 - 2012-10-05 03:52 - 01574496 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
2011-06-28 11:30 - 2011-06-28 11:30 - 00385960 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\DataProcess.dll
2012-04-09 21:32 - 2011-03-10 23:34 - 01359872 _____ (Microsoft Corporation) C:\windows\system32\MFC42u.dll
2010-11-20 20:23 - 2010-11-20 20:23 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ODBC32.dll
2013-07-08 04:29 - 2013-07-08 04:29 - 00456280 _____ (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieDll.dll
2009-07-13 17:28 - 2009-07-13 18:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\odbcint.dll
2013-08-18 12:22 - 2013-08-18 12:22 - 10655744 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\System\af0a0b96a02f9925eb84392ee65a5cfa\System.ni.dll
2013-08-18 12:23 - 2013-08-18 12:23 - 02320384 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\868d117286ad259249f31d3fe813d39a\System.Drawing.ni.dll
2013-08-18 12:23 - 2013-08-18 12:23 - 17383424 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\95674cb72317e3a5380ea450b913786f\System.Windows.Forms.ni.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00095744 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00026112 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00047104 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2013-08-18 12:25 - 2013-08-18 12:25 - 01022976 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\5d7208467b0ffffee644a83f4e76fa12\System.Runtime.Remoting.ni.dll
2013-08-18 12:25 - 2013-08-18 12:25 - 15362048 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\1223cf3c9fcc905300e20364b7a26097\System.Web.ni.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00021504 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2009-07-13 16:19 - 2009-07-13 18:41 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\ktmw32.dll
2009-07-13 16:46 - 2009-07-13 18:41 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00018432 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2013-08-18 12:22 - 2013-08-18 12:22 - 06964736 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\3975acf49313ceea1280da91f0383480\System.Xml.ni.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00057344 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00037376 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00029184 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2011-11-25 17:09 - 2011-11-25 17:09 - 00110592 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00034816 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-11-10 07:45 - 2012-01-20 04:35 - 00509952 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atiadlxx.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00006144 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00044032 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00019968 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2009-04-22 13:13 - 2009-04-22 13:13 - 00045056 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2010-03-04 01:27 - 2010-03-04 01:27 - 00016384 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00006144 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-11-10 07:45 - 2012-01-20 05:28 - 00466944 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ATIDEMGX.dll
2010-10-07 14:07 - 2010-10-07 14:07 - 00020480 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
2013-08-18 12:22 - 2013-08-18 12:22 - 01320448 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\1031b311ee568364d4ca1c4db634eaf0\System.Configuration.ni.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00303104 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00192512 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-06-17 06:27 - 2009-06-17 06:27 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00008704 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2008-04-03 17:29 - 2008-04-03 17:29 - 00020480 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2013-08-18 12:22 - 2013-08-18 12:22 - 04962816 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\ae3db946d20bb0ad28cf588eef06ecf0\WindowsBase.ni.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00025088 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00065536 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00240640 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects2.Runtime.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00106496 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
2009-06-17 11:24 - 2009-06-17 11:24 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00035840 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00110592 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00013824 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00013824 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00018432 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.shared.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00015872 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Runtime.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.shared.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00012288 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceTV.Graphics.shared.dll
2009-12-08 07:49 - 2009-12-08 07:49 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
2007-08-09 17:58 - 2007-08-09 17:58 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
2009-06-17 11:24 - 2009-06-17 11:24 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2008-12-30 12:04 - 2008-12-30 12:04 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
2009-04-22 13:13 - 2009-04-22 13:13 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
2010-11-05 15:18 - 2010-11-05 15:18 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll
2009-01-20 14:51 - 2009-01-20 14:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00019968 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00010752 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00012800 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00011264 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00012800 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00018944 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00050688 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00011776 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00065536 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00380928 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00036352 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00007680 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2013-08-18 12:23 - 2013-08-18 12:23 - 16542720 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\455f1bf19319ef1c59b3e0c1e45c1c9c\PresentationCore.ni.dll
2013-08-18 12:24 - 2013-08-18 12:24 - 19197952 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\90ad207864957bd667f551bdd1c39ada\PresentationFramework.ni.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 01394176 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2013-07-10 13:46 - 2013-04-19 15:54 - 02256032 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00172032 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 01007616 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00468992 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00027648 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 02722816 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll
2012-01-20 05:13 - 2012-01-20 05:13 - 00356352 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2012-01-20 05:13 - 2012-01-20 05:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00036864 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2012-01-20 05:13 - 2012-01-20 05:13 - 00393216 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 02510848 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00233472 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00159744 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
2012-01-20 05:13 - 2012-01-20 05:13 - 00052736 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00020992 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00044544 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Audio.Graphics.Dashboard.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00007680 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00039936 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-01-20 05:14 - 2012-01-20 05:14 - 00311296 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-01-20 05:10 - 2012-01-20 05:10 - 00303104 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-11-10 07:45 - 2012-01-20 04:33 - 00039936 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiu9p64.dll
2012-11-10 07:45 - 2012-01-20 04:44 - 07531008 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiumd64.dll
2012-11-10 07:45 - 2012-01-20 04:56 - 04073472 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiumd6a.dll
2013-08-18 12:26 - 2013-08-18 12:26 - 00463360 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\56d7206478a1eb28089a8efbdf921bf2\PresentationFramework.Aero.ni.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00060928 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2013-08-18 12:26 - 2013-08-18 12:26 - 03315712 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\296ad113496c7e97a1689ffef9550b19\System.Core.ni.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00168960 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2009-07-13 18:01 - 2009-06-10 13:31 - 01165664 _____ (Microsoft Corporation) C:\windows\system32\PresentationNative_v0300.dll
2009-07-13 16:39 - 2009-07-13 18:41 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\msctfui.dll
2013-08-19 21:01 - 2013-08-19 21:01 - 00329216 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\fffa833a307c3ad981d98b81311f2ad3\WindowsFormsIntegration.ni.dll
2012-01-20 05:12 - 2012-01-20 05:12 - 00524288 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll
2012-01-20 05:11 - 2012-01-20 05:11 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00489472 _____ (Microsoft) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Microsoft.WindowsAPICodePack.Shell.dll
2012-01-20 05:09 - 2012-01-20 05:09 - 00082944 _____ (Microsoft) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Microsoft.WindowsAPICodePack.dll
2009-06-19 09:54 - 2009-06-19 09:54 - 00041816 _____ (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosNtfs.dll
2009-06-18 22:04 - 2009-06-18 22:04 - 00313720 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\LCWizard.dll
2011-04-28 14:02 - 2011-04-28 14:02 - 00235936 _____ (TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtAPI.dll
2011-04-28 14:20 - 2011-04-28 14:20 - 00187288 _____ (TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBdAPI.dll
2011-04-22 17:30 - 2011-04-22 17:30 - 00104344 _____ (TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.dll
2011-11-25 19:51 - 2011-11-25 19:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-11-25 19:53 - 2011-11-25 19:53 - 00265656 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
2011-12-14 16:04 - 2011-12-14 16:04 - 00150016 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll
2011-12-14 16:03 - 2011-12-14 16:03 - 00259584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TReport.dll
2011-12-14 16:03 - 2011-12-14 16:03 - 00109568 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHMui.dll
2013-02-21 17:42 - 2012-06-02 15:15 - 02622464 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2010-11-20 20:24 - 2010-11-20 20:24 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\Cabinet.dll
2013-02-21 17:42 - 2012-06-02 15:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2010-09-21 15:49 - 2010-09-21 15:49 - 00170880 _____ (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2013-08-18 02:18 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\IEUI.dll
2010-09-23 01:36 - 2010-09-23 01:36 - 00150376 _____ (Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsapi.dll
2013-02-23 00:04 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\windows\System32\Wpc.dll
2013-03-31 13:30 - 2013-03-31 13:30 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ImgUtil.dll
2010-02-28 03:24 - 2010-02-28 03:24 - 00056192 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2013-03-31 13:30 - 2013-03-31 13:30 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 00052224 _____ (Microsoft Corporation) C:\Program Files\Windows Defender\MpOav.dll
2013-01-27 11:36 - 2013-01-27 11:36 - 00075240 _____ (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpOAv.dll
2009-07-13 16:39 - 2009-07-13 18:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\oleaccrc.dll
2013-08-30 16:38 - 2013-08-30 16:38 - 00512200 _____ (Adobe Systems, Inc.) C:\Users\Jeremy\AppData\Local\Temp\{9669562F-E1C1-4E2B-A7FC-259A6E3C2A5B}\fpb.tmp
2013-04-29 14:02 - 2013-04-29 14:02 - 00512200 _____ (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.dll
2009-07-13 18:18 - 2010-11-20 20:23 - 00884224 _____ (Microsoft Corporation) C:\windows\system32\spool\DRIVERS\x64\3\unidrvui.dll
2013-02-21 17:46 - 2010-03-29 21:30 - 00060288 _____ (Microsoft Corporation) C:\windows\system32\spool\DRIVERS\x64\3\SendToOneNoteUI.DLL
2009-07-13 17:40 - 2010-11-20 20:23 - 00715776 _____ (Microsoft Corporation) C:\windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
2012-04-09 21:30 - 2010-09-30 03:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\FontSub.dll
2009-07-13 16:55 - 2009-07-13 18:41 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\Msidle.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Jeremy\AppData\Roaming\Thumbs.db:encryptable

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2013 04:26:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17242.0, time stamp: 0x4bdf8b0f
Faulting module name: NOBuClient.exe, version: 2.1.17242.0, time stamp: 0x4bdf8b0f
Exception code: 0xc0000005
Fault offset: 0x00000000000197df
Faulting process id: 0x13b8
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (08/29/2013 04:25:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 00:51:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 00:43:51 PM) (Source: Application Hang) (User: )
Description: The program OTL.scr version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 183c

Start Time: 01cea4257a5b22c0

Termination Time: 0

Application Path: C:\Users\Jeremy\Desktop\OTL.scr

Report Id: 2387b059-101a-11e3-983f-2016d8322065

Error: (08/28/2013 00:27:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17242.0, time stamp: 0x4bdf8b0f
Faulting module name: NOBuClient.exe, version: 2.1.17242.0, time stamp: 0x4bdf8b0f
Exception code: 0xc0000005
Fault offset: 0x00000000000197df
Faulting process id: 0x12d8
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (08/28/2013 00:26:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 00:22:46 PM) (Source: Application Hang) (User: )
Description: The program OTL.scr version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1698

Start Time: 01cea423c7708ea7

Termination Time: 0

Application Path: C:\Users\Jeremy\Desktop\OTL.scr

Report Id: 3404049a-1017-11e3-9533-2016d8322065

Error: (08/28/2013 00:18:59 PM) (Source: Application Hang) (User: )
Description: The program OTL.scr version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e84

Start Time: 01cea4230ae40ea3

Termination Time: 0

Application Path: C:\Users\Jeremy\Desktop\OTL.scr

Report Id: ab108209-1016-11e3-9533-2016d8322065

Error: (08/26/2013 01:07:31 PM) (Source: Application Hang) (User: )
Description: The program dota.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d84

Start Time: 01cea1606d93e761

Termination Time: 30273

Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe

Report Id:

System errors:
=============
Error: (08/30/2013 08:40:26 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/30/2013 08:40:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/29/2013 04:25:26 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:14:19 PM on ‎29/‎08/‎2013 was unexpected.

Error: (08/28/2013 00:49:43 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/28/2013 00:48:25 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/28/2013 00:38:32 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/28/2013 00:33:42 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/28/2013 00:33:42 PM) (Source: Service Control Manager) (User: )
Description: The Sentinel HASP License Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/28/2013 00:30:58 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/28/2013 00:30:58 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (08/29/2013 04:26:08 PM) (Source: Application Error)(User: )
Description: NOBuClient.exe2.1.17242.04bdf8b0fNOBuClient.exe2.1.17242.04bdf8b0fc000000500000000000197df13b801cea50f22e87492C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe61a26850-1102-11e3-adcd-2016d8322065

Error: (08/29/2013 04:25:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 00:51:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 00:43:51 PM) (Source: Application Hang)(User: )
Description: OTL.scr3.2.69.0183c01cea4257a5b22c00C:\Users\Jeremy\Desktop\OTL.scr2387b059-101a-11e3-983f-2016d8322065

Error: (08/28/2013 00:27:06 PM) (Source: Application Error)(User: )
Description: NOBuClient.exe2.1.17242.04bdf8b0fNOBuClient.exe2.1.17242.04bdf8b0fc000000500000000000197df12d801cea42493f89f1dC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exed2db96d9-1017-11e3-983f-2016d8322065

Error: (08/28/2013 00:26:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 00:22:46 PM) (Source: Application Hang)(User: )
Description: OTL.scr3.2.69.0169801cea423c7708ea70C:\Users\Jeremy\Desktop\OTL.scr3404049a-1017-11e3-9533-2016d8322065

Error: (08/28/2013 00:18:59 PM) (Source: Application Hang)(User: )
Description: OTL.scr3.2.69.0e8401cea4230ae40ea30C:\Users\Jeremy\Desktop\OTL.scrab108209-1016-11e3-9533-2016d8322065

Error: (08/26/2013 01:07:31 PM) (Source: Application Hang)(User: )
Description: dota.exe0.0.0.0d8401cea1606d93e76130273C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe

CodeIntegrity Errors:
===================================
  Date: 2013-08-28 12:48:25.111
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 12:48:25.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4047.3 MB
Available physical RAM: 2152.39 MB
Total Pagefile: 8092.79 MB
Available Pagefile: 5234.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (S3A9566D003) (Fixed) (Total:581.3 GB) (Free:521.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 58943F2B)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=17)

==================== End Of Log ============================





