
Patched.HN, Trojan.Dropper.PE4 et al; mediashifting.com tabs; possible


  • This topic is locked

#1
Daniel Tasayco

Member
*The day after the infection, Firefox got its proxy settings changed to 127.0.0.1; Firefox now creates tabs at random actions, directing to the search website www.mediashifting.com/[random terms]

*It seems Windows Firewall was disabled completely and cannot be activated again. I only noticed this today when I went to change exceptions for TCP/UDP.
I don't know if the NOD32 services are failing or the Windows ones:
10/12/2011 11:40:25 p.m. Personal firewall An error occurred while starting services. Analysis of application protocols (POP3, HTTP) will not function.

*The system was having slowdowns in the following days, but now this got replaced by occasional blue screens as seen in BlueScreenView. These drivers/executables seem to be failing (I installed the latest ATI Radeon drivers but it still crashes):

atikmdag.sys atikmdag.sys+1b20a 0x8fa37000 0x902f8000 0x008c1000 0x4ea76876 25/10/2011 20:55:02 ATI Radeon Family ATI Radeon Kernel Mode Driver 8.01.01.1207 ATI Technologies Inc. C:\Windows\system32\drivers\atikmdag.sys
ntkrnlpa.exe ntkrnlpa.exe+4686b 0x83443000 0x83853000 0x00410000 0x4ea76ed3 25/10/2011 21:22:11 Microsoft® Windows® Operating System NT Kernel & System 6.1.7600.16905 (win7_gdr.111025-1503) Microsoft Corporation C:\Windows\system32\ntkrnlpa.exe


*On-demand ESET NOD32 from today:
Operating memory » C:\Windows\assembly\GAC_MSIL\Desktop.ini - a variant of Win32/Sirefef.CH trojan - cleaned by deleting (after the next restart) [1,2]

Quarantined files since infection day
Posted Image

Quick scan by Malwarebytes' from today:
Posted Image

Edited by Daniel Tasayco, 21 December 2011 - 02:26 PM.



#2
Render

Trusted Helper, Malware Removal
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, there should be a file called MBR.dat on your Desktop after that; zip it and then attach it here.

How to add an attachment to a new topic or reply

#3
Daniel Tasayco

Member, Topic Starter
aswMBR stops working while scanning a \Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applic.... folder. I managed to save a log before the problem on the second run. I'll do it in safe mode if needed.

Attached File  MBR.zip   559bytes   74 downloads

aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-21 16:42:44
-----------------------------
16:42:44.063 OS Version: Windows 6.1.7600
16:42:44.063 Number of processors: 2 586 0x1706
16:42:44.063 ComputerName: PC UserName:
16:42:44.765 Initialize success
16:46:49.772 AVAST engine defs: 11122102
17:26:49.436 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:26:49.439 Disk 0 Vendor: ST3802110A 3.AAJ Size: 76318MB BusType: 3
17:26:49.442 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
17:26:49.454 Disk 1 Vendor: ST3160813AS CC2F Size: 152626MB BusType: 3
17:26:51.518 Disk 0 MBR read successfully
17:26:51.521 Disk 0 MBR scan
17:26:52.448 Disk 0 Windows 7 default MBR code
17:26:52.490 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
17:26:52.682 Disk 0 Partition - 00 0F Extended LBA 36310 MB offset 81915435
17:26:52.781 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 36310 MB offset 81915498
17:26:53.007 Disk 0 scanning sectors +156280320
17:26:53.542 Disk 0 scanning C:\Windows\system32\drivers
17:27:43.965 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Zeroot-B [Rtk]
17:27:53.634 Service scanning
17:27:55.881 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:27:56.763 Modules scanning
17:28:22.328 Module: C:\Windows\system32\DRIVERS\tdx.sys **SUSPICIOUS**
17:28:57.696 Disk 0 trace - called modules:
17:28:57.727 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8673bba0]<<
17:28:57.739 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8644f030]
17:28:57.747 3 CLASSPNP.SYS[89adf59e] -> nt!IofCallDriver -> [0x86676580]
17:28:57.752 \Driver\00000456[0x865750d8] -> IRP_MJ_CREATE -> 0x8673bba0
17:29:01.322 AVAST engine scan C:\
17:38:37.038 Disk 0 MBR has been saved successfully to "C:\Users\floppyc\Desktop\MBR.dat"
17:38:37.057 The log file has been saved successfully to "C:\Users\floppyc\Desktop\aswMBR.txt"

#4
Render

Trusted Helper, Malware Removal
OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#5
Daniel Tasayco

Member, Topic Starter
OTL logfile created on: 23/12/2011 09:22:34 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Skippan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,77% Memory free
3,93 Gb Paging File | 3,01 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 8,30 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,00 Gb Free Space | 42,30% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 17,95 Gb Free Space | 12,04% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 08:59:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Skippan\Desktop\OTL.exe
PRC - [2011/10/25 21:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/05/24 11:02:16 | 000,929,792 | ---- | M] (Ray Adams) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 09:14:17 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ae9d0d1289e64e7bf042108e547251ac\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/14 08:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 08:36:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 08:36:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 08:36:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/02/19 16:14:48 | 000,187,904 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2008/04/11 11:33:18 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_intelcpu.dll
MOD - [2008/04/09 11:08:46 | 000,016,896 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_amdcore.dll
MOD - [2007/09/14 10:35:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_cpuload.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/03/07 07:26:34 | 000,077,824 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\support.dll
MOD - [2007/03/07 07:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\kbdhook.dll
MOD - [2007/01/03 15:09:46 | 000,017,408 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_xvlt.dll
MOD - [2006/12/26 12:53:28 | 000,019,456 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_hdddtemp.dll
MOD - [2006/12/25 04:02:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mongraphsexample.dll
MOD - [2005/11/29 12:38:20 | 000,023,552 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\hddtemp.dll
MOD - [2005/11/29 12:34:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\pciset.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 15:26:36 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/08/02 09:29:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Project\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2011/10/25 22:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/25 20:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/07/06 10:14:42 | 000,089,376 | ---- | M] (Tonec Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/03/27 05:35:12 | 000,020,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/11/20 17:27:45 | 000,420,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/09/11 08:14:02 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/13 18:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/13 18:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Controlador de conexiones de red Gigabit Intel®
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latam.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-pe
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA BA 3A E8 79 5A CA 01 [binary data]
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50929

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.70.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50929
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Project\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Project\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2011/11/10 16:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2011/11/02 20:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/31 19:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Skippan\AppData\Roaming\IDM\idmmzcc5 [2011/10/12 21:10:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Skippan\AppData\Roaming\IDM\idmmzcc5 [2011/10/12 21:10:54 | 000,000,000 | ---D | M]

[2011/02/24 15:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]
[2010/08/02 20:04:18 | 000,002,388 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-images-album-art-300x300.xml
[2010/08/02 20:03:24 | 000,002,686 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-imgenes.xml
[2009/05/25 18:53:21 | 000,002,996 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\imdb.xml
[2010/03/21 13:44:33 | 000,004,859 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\isohunt--bt-search.xml
[2011/12/04 15:14:13 | 000,000,727 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\podnapisinet.xml
[2009/07/20 21:39:58 | 000,002,305 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\rae---dle-aproximacin.xml
[2009/04/21 19:08:09 | 000,001,330 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-en.xml
[2009/11/11 14:37:26 | 000,001,348 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-es.xml
[2011/12/07 07:45:22 | 000,001,997 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wolframalpha.xml
[2009/04/20 16:27:00 | 000,001,546 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowhead.xml
[2009/04/20 15:46:21 | 000,001,905 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowwiki-en.xml
[2009/04/20 15:20:23 | 000,002,379 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wr-english-spanish.xml
[2009/05/25 18:53:21 | 000,002,431 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\youtube.xml
[2011/10/12 21:10:54 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2009/02/23 15:57:46 | 000,000,985 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Project\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [F.lux] C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportar a Microsoft Excel - D:\Project\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\..Trusted Ranges: Range1979 ([http] in Sitios de confianza)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5FAC8AF-9297-40D3-94EF-BDB2CC4BCE6D}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: DefaultVerifier - (C:\Program Files\Internet Explorer\setupapi.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/12/23 08:59:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Skippan\Desktop\OTL.exe
[2011/12/21 15:47:33 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\Skippan\Desktop\aswMBR.exe
[2011/12/21 13:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/21 13:16:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Malwarebytes
[2011/12/18 21:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2011/12/18 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/12/15 07:59:46 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/15 07:59:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/15 07:59:43 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/15 07:59:43 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/15 07:59:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/15 07:59:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/15 07:59:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 07:59:38 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 07:59:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 07:59:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 07:59:36 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/15 07:59:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/15 07:59:27 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 07:59:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/15 07:58:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 07:58:31 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 07:58:30 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 07:58:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/13 16:01:15 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/12/11 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{52AF3B7A-6DCB-434D-AA54-64B91158BA46}
[2011/12/11 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{DCC9C6D0-1E4A-4936-93CF-2A5DAA2C39F9}
[2011/12/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/11 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/09 13:32:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/09 13:29:04 | 000,000,000 | -HSD | C] -- C:\Users\Skippan\AppData\Local\52ef2635
[2011/12/09 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA580
[2011/12/09 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/12/09 13:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/12/08 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ornamentum
[2011/12/04 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{B20F920D-DEEB-4821-82E5-99D6E6B81E27}
[2011/12/04 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{28944516-6CCF-4523-AD5D-A442BAFB1F2A}
[2011/12/04 22:12:43 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{7C8F2549-141E-4080-880B-7FA20C6B13EA}
[2011/11/30 20:02:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{946A01C8-53FC-4D24-8EA6-963A9142ED56}
[2011/11/30 20:01:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{66261D72-6ECD-4E51-AE89-4BACB5875D0C}
[2011/11/30 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2011/11/30 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\Windows Live Writer
[2011/11/29 22:04:51 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/11/29 22:04:21 | 000,000,000 | ---D | C] -- C:\Windows\es
[2011/11/29 21:49:43 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/11/29 21:49:42 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/11/29 21:40:59 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\Windows Live
[2011/11/24 23:13:00 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Braid
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/12/23 08:59:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Skippan\Desktop\OTL.exe
[2011/12/23 08:49:48 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 08:49:48 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 08:42:52 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/12/23 08:42:41 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2011/12/23 08:42:30 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2011/12/23 08:42:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 08:42:22 | 1582,206,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 17:26:03 | 000,698,480 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/12/21 17:26:03 | 000,611,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/21 17:26:03 | 000,136,668 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/12/21 17:26:03 | 000,105,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/21 15:47:50 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\Skippan\Desktop\aswMBR.exe
[2011/12/17 11:11:50 | 000,000,285 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/12/15 14:52:24 | 003,772,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 16:01:16 | 000,013,107 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/11/23 23:23:31 | 002,340,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/13 16:01:16 | 000,013,107 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/11/29 22:04:07 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/29 22:03:33 | 000,001,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/29 22:00:29 | 000,002,392 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/10/25 20:31:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/25 20:31:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 09:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/07/27 17:49:34 | 000,000,285 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/07/16 14:17:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/07/08 22:36:24 | 003,772,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/27 16:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\0.5493330614828563.exe
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/26 14:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 15:58:50 | 000,155,090 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/02/01 23:19:07 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/12/20 07:46:36 | 000,000,132 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/19 14:15:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/15 22:38:37 | 000,001,456 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2010/09/14 20:09:58 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/03 21:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/02 18:55:25 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/27 19:08:03 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/04/04 22:30:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/04/04 22:30:51 | 000,002,678 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010/03/02 16:55:36 | 000,022,328 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\PnkBstrK.sys
[2010/02/20 22:32:22 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/02/20 22:31:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/15 09:25:06 | 000,175,608 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 12:49:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/23 20:24:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/09 14:44:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95DBFB04A2.sys
[2009/11/09 14:44:22 | 000,002,984 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 18:46:58 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/31 18:46:58 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/31 18:05:53 | 000,007,611 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2009/07/14 03:48:37 | 000,698,480 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/07/14 03:48:37 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/07/14 03:48:37 | 000,136,668 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/07/14 03:48:37 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:05:48 | 000,611,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,105,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/20 14:08:13 | 009,226,664 | ---- | C] () -- C:\Users\Skippan\AppData\Local\IconCache (1).db
[2009/04/19 20:07:16 | 000,034,816 | ---- | C] () -- C:\Users\Skippan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 20:03:15 | 000,072,744 | ---- | C] () -- C:\Users\Skippan\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/08/28 01:45:15 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/02/04 13:16:10 | 000,074,240 | ---- | C] () -- C:\Windows\ogg.exe

========== LOP Check ==========

[2010/05/01 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\bitolithic
[2010/08/16 16:20:31 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DAEMON Tools Lite
[2010/11/20 17:34:49 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DAEMON Tools Pro
[2011/12/22 23:19:04 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DMCache
[2010/01/29 23:01:28 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\fofix
[2011/03/04 15:52:24 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\Foxit Software
[2011/09/23 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\GarenaMessenger
[2011/12/09 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\GarenaPlus
[2011/12/15 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\IDM
[2010/11/22 15:53:15 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\LoadScout
[2011/06/04 22:05:04 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\LolClient
[2011/06/01 13:09:35 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/08/01 15:21:34 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TeraCopy
[2010/06/02 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TS3Client
[2009/11/15 01:27:08 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TuneUp Software
[2011/12/15 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\uTorrent
[2011/12/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/04/25 23:52:16 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Amazon
[2010/05/01 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\bitolithic
[2010/12/06 23:05:44 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\BitTorrent
[2011/12/01 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Braid
[2011/07/21 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\calibre
[2010/11/27 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Canneverbe Limited
[2010/09/19 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/31 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Criterion Games
[2011/12/11 14:52:58 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\DMCache
[2011/02/07 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\fofix
[2009/10/31 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit
[2011/06/14 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit Software
[2011/11/05 13:43:39 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\IDM
[2011/01/26 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Leadertech
[2010/08/17 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LG Electronics
[2010/11/21 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LoadScout
[2011/02/24 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Logia
[2011/11/01 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\MinMaxGames
[2011/03/07 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\mkvtoolnix
[2010/11/28 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Mount&Blade Warband
[2011/07/22 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/12/23 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Opera
[2010/12/23 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Polynomial
[2011/07/26 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Rainmeter
[2010/08/16 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Red Alert 3
[2010/02/07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TeraCopy
[2009/10/31 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\The Creative Assembly
[2009/11/14 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TuneUp Software
[2010/04/23 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Ubisoft
[2011/12/08 21:40:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\uTorrent
[2011/08/08 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Watchtower
[2011/11/30 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2009/11/01 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\WUU
[2010/06/17 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\Facebook
[2011/08/31 18:48:10 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\Foxit Software
[2010/08/16 16:21:53 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\IDM
[2009/11/16 10:09:11 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\TuneUp Software
[2011/02/24 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\calibre
[2010/09/18 15:27:25 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/23 08:47:07 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\DMCache
[2011/06/12 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\Foxit Software
[2011/12/10 11:46:27 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\IDM
[2011/08/01 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/04 13:41:20 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\TeraCopy
[2009/11/16 06:40:34 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\TuneUp Software
[2011/04/05 08:02:42 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\Watchtower
[2011/12/23 08:42:52 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011/12/23 08:42:30 | 000,000,300 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2011/12/02 15:27:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\ShowIconsCommand: "C:\Program Files\SRWare Iron\iron.exe" --show-icons [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\HideIconsCommand: "C:\Program Files\SRWare Iron\iron.exe" --hide-icons [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\ReinstallCommand: "C:\Program Files\SRWare Iron\iron.exe" --make-default-browser [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\shell\open\command\\: "C:\Program Files\SRWare Iron\iron.exe" [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /HideShortcuts [2011/11/10 16:31:05 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /ShowShortcuts [2011/11/10 16:31:05 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/10 16:31:05 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe [2011/11/10 16:31:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe" -preferences [2011/11/10 16:31:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe" -safe-mode [2011/11/10 16:31:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\ShowIconsCommand: "C:\Program Files\SRWare Iron\iron.exe" --show-icons [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\HideIconsCommand: "C:\Program Files\SRWare Iron\iron.exe" --hide-icons [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\ReinstallCommand: "C:\Program Files\SRWare Iron\iron.exe" --make-default-browser [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\shell\open\command\\: "C:\Program Files\SRWare Iron\iron.exe" [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /HideShortcuts [2011/11/10 16:31:05 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /ShowShortcuts [2011/11/10 16:31:05 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/10 16:31:05 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe [2011/11/10 16:31:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe" -preferences [2011/11/10 16:31:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe" -safe-mode [2011/11/10 16:31:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB35621$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Extras

OTL Extras logfile created on: 23/12/2011 09:22:35 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Skippan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,77% Memory free
3,93 Gb Paging File | 3,01 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 8,30 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,00 Gb Free Space | 42,30% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 17,95 Gb Free Space | 12,04% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6112:UDP" = 6112:UDP:*:Enabled:war udp
"6112:TCP" = 6112:TCP:*:Enabled:war tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG PC Suite
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BC74395-9275-427B-8A5B-05C14DE7A1C2}" = calibre
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45FE5100-6C09-4B34-AC2F-92D8B3864546}" = LiveUpload to Facebook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6072EF5D-2EBB-4FBA-8BE5-1C2BA21E8CFA}" = Watchtower Library 2009 - espańol
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78BA3E3A-31D5-4F58-95B4-180392026E38}" = LG PC Suite
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}" = CDisplay
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-00B2-0C0A-0000-0000000FF1CE}" = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C15D6939-280D-39A6-41B5-253D2A935525}" = AMD Catalyst Install Manager
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 11.0.700.3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"Badaboom" = Badaboom 1.2.1.74
"conduitEngine" = Conduit Engine
"Diablo II" = Diablo II
"DivX Tech Preview - MKV on Windows 7" = DivX Tech Preview: MKV on Windows 7
"DjVuLibre+DjView" = DjVuLibre+DjView
"Foxit Reader_is1" = Foxit Reader 5.1
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"Hide Programs_is1" = Hide Programs 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"im" = Garena Plus
"Internet Download Manager" = Internet Download Manager
"JDownloader" = JDownloader
"Kid-Key-Lock_is1" = Kid-Key-Lock 1.6.1.0
"LoadScout 3.0" = LoadScout 3.0
"Messenger_Plus Toolbar" = Messenger Plus Toolbar
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"quicktime_lite_is1" = QT Lite 4.1.0
"Rainmeter" = Rainmeter
"rayatitray" = Ray Adams ATI Tray Tools
"RocketDock_is1" = RocketDock 1.3.5
"RS Somnífero" = RS Somnífero
"sp6" = Logitech SetPoint 6.20
"Steam App 107110" = Bastion - Demo
"Steam App 12210" = Grand Theft Auto IV
"Steam App 41100" = Hammerfight
"Steam App 440" = Team Fortress 2
"Steam App 4700" = Medieval II: Total War
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 550" = Left 4 Dead 2
"THOMSON mp3PRO Audio Player" = THOMSON mp3PRO Audio Player
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR 4.00" = WinRAR 4.00
"WinRAR archiver" = Compresor WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"Ornamentum" = Ornamentum

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do the following:

Step 1

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK button.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.

When you have completed the above, please post back the following in the order asked for:
  • Combofix log
  • TDSSKiller log


#7
Daniel Tasayco


    Member

  • Topic Starter
  • 21 posts
ComboFix 11-12-24.10 - Skippan 25/12/2011 17:12:40.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.51.3082.18.2012.1474 [GMT -5:00]
Running from: c:\users\Skippan\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\6491\35B6.tmp
c:\program files\LP\6491\8904.tmp
c:\program files\LP\6491\AA48.tmp
c:\program files\LP\6491\E1BE.tmp
c:\users\Skippan\AppData\Local\52ef2635
c:\users\Skippan\AppData\Local\52ef2635\@
c:\users\Skippan\AppData\Local\52ef2635\U\80000000.@
c:\users\Skippan\AppData\Local\52ef2635\U\800000cf.@
c:\users\Skippan\AppData\Local\52ef2635\X
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Thymaris\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\$NtUninstallKB35621$
c:\windows\$NtUninstallKB35621$\1391404597\@
c:\windows\$NtUninstallKB35621$\1391404597\L\xadqgnnk
c:\windows\$NtUninstallKB35621$\1391404597\loader.tlb
c:\windows\$NtUninstallKB35621$\1391404597\U\@00000001
c:\windows\$NtUninstallKB35621$\1391404597\U\@000000c0
c:\windows\$NtUninstallKB35621$\1391404597\U\@000000cb
c:\windows\$NtUninstallKB35621$\1391404597\U\@000000cf
c:\windows\$NtUninstallKB35621$\1391404597\U\@80000000
c:\windows\$NtUninstallKB35621$\1391404597\U\@800000c0
c:\windows\$NtUninstallKB35621$\1391404597\U\@800000cb
c:\windows\$NtUninstallKB35621$\1391404597\U\@800000cf
c:\windows\$NtUninstallKB35621$\2892523614
c:\windows\0.5493330614828563.exe
c:\windows\system32\
c:\windows\system32\c_99185.nls
c:\windows\system32\tmp34F6.tmp
c:\windows\system32\tmp5002.tmp
c:\windows\system32\tmp5061.tmp
c:\windows\usgwmt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 22:22 . 2011-12-25 22:24 -------- d-----w- c:\users\Skippan\AppData\Local\temp
2011-12-25 20:26 . 2011-12-25 20:27 -------- d-----w- c:\users\Skippan\AppData\Roaming\AtomZombieData
2011-12-25 19:59 . 2011-12-25 19:59 -------- d-----w- c:\users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-12-24 18:15 . 2011-12-24 18:15 -------- d-----w- c:\users\Skippan\AppData\Roaming\Broken Rules
2011-12-24 15:47 . 2011-12-24 15:47 -------- d-----w- c:\program files\Microsoft XNA
2011-12-24 00:33 . 2011-12-24 00:33 -------- d-----w- c:\program files\ERUNT
2011-12-21 18:16 . 2011-12-21 18:16 -------- d-----w- c:\programdata\Malwarebytes
2011-12-21 18:16 . 2011-12-21 18:16 -------- d-----w- c:\users\Skippan\AppData\Roaming\Malwarebytes
2011-12-19 02:48 . 2011-12-19 02:48 -------- d-----w- c:\programdata\Steam
2011-12-19 02:47 . 2011-12-19 02:48 -------- d-----w- c:\programdata\PopCap Games
2011-12-15 12:58 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 12:58 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 12:58 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 12:58 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 21:01 . 2011-12-13 21:01 2829 ----a-w- c:\windows\DIIUnin.pif
2011-12-13 21:01 . 2011-12-13 21:01 102400 ----a-w- c:\windows\DIIUnin.exe
2011-12-11 19:09 . 2011-12-11 19:09 -------- d-----w- c:\program files\ATI
2011-12-11 19:08 . 2011-12-11 19:08 -------- d-----w- c:\program files\ATI Technologies
2011-12-09 18:32 . 2011-12-09 18:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-09 18:25 . 2011-12-09 21:20 -------- d-----w- c:\program files\CA580
2011-12-09 18:24 . 2011-12-09 21:20 -------- d-----w- c:\users\Skippan\AppData\Roaming\125CA
2011-12-03 16:05 . 2011-12-11 19:18 -------- d-----w- c:\users\Thymaris\AppData\Local\Windows Live
2011-12-02 20:32 . 2011-12-24 14:20 -------- d-----w- c:\users\vencer\AppData\Local\Windows Live
2011-12-01 01:01 . 2011-12-01 01:01 -------- d-----w- c:\users\Skippan\AppData\Local\Windows Live Writer
2011-12-01 01:01 . 2011-12-01 01:01 -------- d-----w- c:\users\Skippan\AppData\Roaming\Windows Live Writer
2011-11-30 04:08 . 2011-12-11 04:43 -------- d-----w- c:\users\floppyc\AppData\Local\Windows Live
2011-11-30 03:04 . 2011-11-30 03:04 -------- d-----w- c:\windows\en
2011-11-30 03:04 . 2011-11-30 03:04 -------- d-----w- c:\windows\es
2011-11-30 02:55 . 2011-11-30 02:55 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-30 02:49 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-11-30 02:49 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-11-30 02:43 . 2011-11-30 02:43 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7aa9b541ccaf0905\DSETUP.dll
2011-11-30 02:43 . 2011-11-30 02:43 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7aa9b541ccaf0905\DXSETUP.exe
2011-11-30 02:43 . 2011-11-30 02:43 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7aa9b541ccaf0905\dsetup32.dll
2011-11-30 02:43 . 2011-11-30 02:43 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\cd99b5291ccaf0904\DSETUP.dll
2011-11-30 02:43 . 2011-11-30 02:43 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\cd99b5291ccaf0904\DXSETUP.exe
2011-11-30 02:43 . 2011-11-30 02:43 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\cd99b5291ccaf0904\dsetup32.dll
2011-11-30 02:40 . 2011-12-12 00:26 -------- d-----w- c:\users\Skippan\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 22:24 . 2011-07-16 19:17 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-12-24 00:24 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-12-23 22:35 . 2011-10-04 20:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 22:59 . 2011-06-05 12:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 03:03 . 2011-10-26 03:03 8853504 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2011-01-26 23:00 748544 ----a-w- c:\windows\system32\aticfx32.dll
2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:55 . 2011-01-26 22:49 4292096 ----a-w- c:\windows\system32\atidxx32.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 01:35 . 2011-01-26 22:28 4353536 ----a-w- c:\windows\system32\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 01:32 . 2011-01-26 22:24 4189184 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-26 01:29 . 2011-01-26 22:20 52736 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-10-26 01:22 339968 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2011-01-26 22:12 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-10-26 01:20 . 2011-01-26 22:12 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-09-29 15:43 . 2011-11-09 13:04 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\system32\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
2011-01-17 21:54 175912 ----a-w- c:\program files\Messenger_Plus\prxtbMess.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2011-05-24 929792]
"F.lux"="c:\users\Skippan\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
c:\users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ATI Tray Tools.lnk - c:\program files\Ray Adams\ATI Tray Tools\atitray.exe [2011-5-24 929792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Skippan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
path=c:\users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
backup=c:\windows\pss\Creative Element Power Tools Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Skippan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registro de productos.lnk]
path=c:\users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registro de productos.lnk
backup=c:\windows\pss\Logitech . Registro de productos.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Skippan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
path=c:\users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
backup=c:\windows\pss\Logitech Touch Mouse Server.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- d:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 18:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 124416]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 cpuz130;cpuz130;c:\users\Skippan\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-09-11 23608]
R3 GarenaPEngine;GarenaPEngine;c:\users\floppyc\AppData\Local\Temp\IYJA4DB.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\project\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-20 420920]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2011-03-27 20384]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 176128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 8853504]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 264192]
S3 e1yexpress;Controlador de conexiones de red Gigabit Intel®;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-07-16 19:17]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50929
IE: E&xportar a Microsoft Excel - d:\project\Office14\EXCEL.EXE/3000
IE: Open with &LoadScout... - c:\progra~1\SOFTLO~1\LOADSC~1.0\LoadScout.exe/#164
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\
FF - prefs.js: browser.search.selectedEngine - Podnapisi.NET
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50929
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-IDMan - c:\program files\Internet Download Manager\IDMan.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-snp2std - c:\windows\vsnp2std.exe
MSConfigStartUp-tsnp2std - c:\windows\tsnp2std.exe
AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\users\Skippan\AppData\Local\{784E3329-1B2A-421E-9427-596088B766F6}\setup_blazemp.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\floppyc\AppData\Local\Temp\IYJA4DB.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1163170254-3979645759-394990546-1000\Software\SecuROM\License information*]
"datasecu"=hex:9e,35,45,b4,e0,81,cf,37,e2,d2,96,83,76,8c,19,35,07,57,57,82,13,
e2,92,8d,b1,95,65,96,38,34,0a,3e,87,f4,31,32,c0,cf,18,fb,12,3b,e6,54,a8,37,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_USERS\S-1-5-21-1163170254-3979645759-394990546-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):df,e9,cd,ab,ab,45,0d,d7,c8,2e,7c,48,74,41,aa,b9,2a,90,b6,72,cd,
44,4f,09,20,49,12,39,ad,3c,92,1e,14,02,75,f1,91,af,22,58,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1163170254-3979645759-394990546-1000_Classes\CLSID\{a66e384b-cbad-4dbd-bea7-0a80f805b218}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000007c
"Therad"=dword:00000015
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2448)
c:\program files\Ray Adams\ATI Tray Tools\raphook.dll
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-12-25 17:30:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-25 22:30
.
Pre-Run: 7 823 032 320 bytes libres
Post-Run: 9 802 346 496 bytes libres
.
- - End Of File - - 58046874D96DE27896E5AF7C682F6EF4

17:43:41.0094 3788 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:43:42.0420 3788 ============================================================
17:43:42.0420 3788 Current date / time: 2011/12/25 17:43:42.0420
17:43:42.0420 3788 SystemInfo:
17:43:42.0420 3788
17:43:42.0420 3788 OS Version: 6.1.7600 ServicePack: 0.0
17:43:42.0420 3788 Product type: Workstation
17:43:42.0420 3788 ComputerName: PC
17:43:42.0420 3788 UserName: Skippan
17:43:42.0420 3788 Windows directory: C:\Windows
17:43:42.0420 3788 System windows directory: C:\Windows
17:43:42.0420 3788 Processor architecture: Intel x86
17:43:42.0420 3788 Number of processors: 2
17:43:42.0420 3788 Page size: 0x1000
17:43:42.0420 3788 Boot type: Normal boot
17:43:42.0420 3788 ============================================================
17:43:48.0053 3788 Initialize success
17:44:08.0901 1896 ============================================================
17:44:08.0901 1896 Scan started
17:44:08.0901 1896 Mode: Manual; SigCheck; TDLFS;
17:44:08.0901 1896 ============================================================
17:44:19.0009 1896 atitray (6cceb2cb70eaf24df999ebf1dea67ea9) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
17:44:19.0041 1896 atitray ( UnsignedFile.Multi.Generic ) - warning
17:44:19.0041 1896 atitray - detected UnsignedFile.Multi.Generic (1)
17:44:41.0520 1896 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:44:41.0567 1896 MSPQM - ok
17:44:41.0661 1896 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:44:41.0676 1896 MsRPC - ok
17:44:41.0786 1896 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:44:41.0817 1896 mssmbios - ok
17:44:41.0957 1896 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:44:42.0004 1896 MSTEE - ok
17:44:42.0113 1896 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:44:42.0144 1896 MTConfig - ok
17:44:42.0254 1896 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:44:42.0269 1896 Mup - ok
17:44:42.0363 1896 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:44:42.0425 1896 NativeWifiP - ok
17:44:42.0534 1896 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
17:44:42.0581 1896 NDIS - ok
17:44:42.0675 1896 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:44:42.0753 1896 NdisCap - ok
17:44:42.0846 1896 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:44:42.0893 1896 NdisTapi - ok
17:44:43.0002 1896 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
17:44:43.0096 1896 Ndisuio - ok
17:44:43.0190 1896 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
17:44:43.0252 1896 NdisWan - ok
17:44:43.0346 1896 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
17:44:43.0424 1896 NDProxy - ok
17:44:43.0517 1896 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:44:43.0580 1896 NetBIOS - ok
17:44:43.0689 1896 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
17:44:43.0767 1896 NetBT - ok
17:44:43.0876 1896 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:44:43.0907 1896 nfrd960 - ok
17:44:44.0032 1896 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:44:44.0094 1896 Npfs - ok
17:44:44.0204 1896 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:44:44.0266 1896 nsiproxy - ok
17:44:44.0391 1896 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
17:44:44.0484 1896 Ntfs - ok
17:44:44.0562 1896 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:44:44.0625 1896 Null - ok
17:44:44.0734 1896 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\drivers\nvraid.sys
17:44:44.0781 1896 nvraid - ok
17:44:44.0890 1896 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\drivers\nvstor.sys
17:44:44.0968 1896 nvstor - ok
17:44:45.0093 1896 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:44:45.0124 1896 nv_agp - ok
17:44:45.0233 1896 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:44:45.0264 1896 ohci1394 - ok
17:44:45.0420 1896 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:44:45.0483 1896 Parport - ok
17:44:45.0576 1896 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
17:44:45.0639 1896 partmgr - ok
17:44:45.0732 1896 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:44:45.0779 1896 Parvdm - ok
17:44:45.0888 1896 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\drivers\pci.sys
17:44:45.0951 1896 pci - ok
17:44:46.0060 1896 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:44:46.0091 1896 pciide - ok
17:44:46.0200 1896 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:44:46.0247 1896 pcmcia - ok
17:44:46.0341 1896 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:44:46.0372 1896 pcw - ok
17:44:46.0497 1896 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:44:46.0575 1896 PEAUTH - ok
17:44:46.0746 1896 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:44:46.0809 1896 PptpMiniport - ok
17:44:46.0918 1896 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:44:46.0965 1896 Processor - ok
17:44:47.0074 1896 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:44:47.0136 1896 Psched - ok
17:44:47.0261 1896 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:44:47.0370 1896 ql2300 - ok
17:44:47.0480 1896 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:44:47.0511 1896 ql40xx - ok
17:44:47.0620 1896 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:44:47.0667 1896 QWAVEdrv - ok
17:44:47.0760 1896 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:44:47.0823 1896 RasAcd - ok
17:44:47.0932 1896 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:44:47.0994 1896 RasAgileVpn - ok
17:44:48.0088 1896 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:44:48.0135 1896 Rasl2tp - ok
17:44:48.0244 1896 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:44:48.0306 1896 RasPppoe - ok
17:44:48.0416 1896 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:44:48.0494 1896 RasSstp - ok
17:44:48.0587 1896 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
17:44:48.0650 1896 rdbss - ok
17:44:48.0743 1896 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:44:48.0806 1896 rdpbus - ok
17:44:48.0884 1896 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:44:48.0962 1896 RDPCDD - ok
17:44:49.0211 1896 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:44:49.0305 1896 RDPENCDD - ok
17:44:49.0570 1896 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:44:49.0695 1896 RDPREFMP - ok
17:44:49.0773 1896 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
17:44:49.0866 1896 RDPWD - ok
17:44:50.0163 1896 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
17:44:50.0256 1896 rdyboost - ok
17:44:50.0834 1896 RMCAST (b4090006a82eeb608c358ab5d37de85a) C:\Windows\system32\DRIVERS\RMCAST.sys
17:44:50.0912 1896 RMCAST - ok
17:44:51.0286 1896 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:44:51.0364 1896 rspndr - ok
17:44:51.0489 1896 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
17:44:51.0676 1896 RTL8167 - ok
17:44:51.0879 1896 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\drivers\sbp2port.sys
17:44:51.0926 1896 sbp2port - ok
17:44:52.0097 1896 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
17:44:52.0144 1896 scfilter - ok
17:44:52.0409 1896 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:44:52.0472 1896 secdrv - ok
17:44:52.0628 1896 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:44:52.0674 1896 Serenum - ok
17:44:52.0940 1896 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:44:52.0986 1896 Serial - ok
17:44:53.0080 1896 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:44:53.0158 1896 sermouse - ok
17:44:53.0439 1896 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:44:53.0517 1896 sffdisk - ok
17:44:53.0751 1896 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:44:53.0813 1896 sffp_mmc - ok
17:44:53.0985 1896 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\drivers\sffp_sd.sys
17:44:54.0063 1896 sffp_sd - ok
17:44:54.0281 1896 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:44:54.0359 1896 sfloppy - ok
17:44:54.0546 1896 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:44:54.0578 1896 sisagp - ok
17:44:54.0858 1896 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:44:54.0905 1896 SiSRaid2 - ok
17:44:55.0202 1896 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:44:55.0264 1896 SiSRaid4 - ok
17:44:55.0482 1896 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:44:55.0560 1896 Smb - ok
17:44:55.0716 1896 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:44:55.0732 1896 spldr - ok
17:44:55.0982 1896 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\Windows\system32\Drivers\sptd.sys
17:44:56.0075 1896 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
17:44:56.0075 1896 sptd ( LockedFile.Multi.Generic ) - warning
17:44:56.0075 1896 sptd - detected LockedFile.Multi.Generic (1)
17:44:57.0604 1896 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
17:44:57.0651 1896 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:44:57.0651 1896 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:45:12.0359 1896 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:45:12.0480 1896 \Device\Harddisk0\DR0 - ok
17:45:12.0489 1896 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:45:12.0594 1896 \Device\Harddisk1\DR1 - ok
17:45:12.0603 1896 Boot (0x1200) (f0c5e2050656b0eb018800e91346fde0) \Device\Harddisk0\DR0\Partition0
17:45:12.0604 1896 \Device\Harddisk0\DR0\Partition0 - ok
17:45:12.0662 1896 Boot (0x1200) (197b262e14b268a9b25d13c53a737d7b) \Device\Harddisk0\DR0\Partition1
17:45:12.0682 1896 \Device\Harddisk0\DR0\Partition1 - ok
17:45:12.0686 1896 ============================================================
17:45:12.0686 1896 Scan finished
17:45:12.0686 1896 ============================================================
17:45:12.0710 2100 Detected object count: 3
17:45:12.0710 2100 Actual detected object count: 3
17:46:16.0753 2100 atitray ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:16.0753 2100 atitray ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:46:16.0755 2100 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:46:16.0755 2100 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:46:16.0757 2100 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:16.0757 2100 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:46:40.0264 3932 ============================================================
17:46:40.0264 3932 Scan started
17:46:40.0264 3932 Mode: Manual; SigCheck; TDLFS;
17:46:40.0264 3932 ============================================================
17:46:44.0578 3932 atitray (6cceb2cb70eaf24df999ebf1dea67ea9) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
17:46:44.0592 3932 atitray ( UnsignedFile.Multi.Generic ) - warning
17:46:44.0592 3932 atitray - detected UnsignedFile.Multi.Generic (1)
17:46:55.0567 3932 kbdclass - ok
17:46:55.0726 3932 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
17:46:55.0745 3932 kbdhid - ok
17:46:55.0903 3932 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
17:46:55.0922 3932 KSecDD - ok
17:46:56.0014 3932 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
17:46:56.0054 3932 KSecPkg - ok
17:46:56.0166 3932 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\Windows\system32\DRIVERS\L8042Kbd.sys
17:46:56.0179 3932 L8042Kbd - ok
17:46:56.0270 3932 L8042mou (8a5993705add14352c9a279fa8338334) C:\Windows\system32\DRIVERS\L8042mou.Sys
17:46:56.0283 3932 L8042mou - ok
17:46:56.0389 3932 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:46:56.0400 3932 LHidFilt - ok
17:46:56.0495 3932 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:46:56.0531 3932 lltdio - ok
17:46:56.0555 3932 LMIInfo - ok
17:46:56.0694 3932 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
17:46:56.0705 3932 lmimirr - ok
17:46:56.0787 3932 LMIRfsClientNP - ok
17:46:56.0899 3932 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
17:46:56.0910 3932 LMIRfsDriver - ok
17:46:57.0007 3932 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:46:57.0018 3932 LMouFilt - ok
17:46:57.0111 3932 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\Windows\system32\DRIVERS\LMouKE.Sys
17:46:57.0178 3932 LMouKE - ok
17:46:57.0260 3932 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:46:57.0275 3932 LSI_FC - ok
17:46:57.0379 3932 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:46:57.0389 3932 LSI_SAS - ok
17:46:57.0487 3932 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:46:57.0497 3932 LSI_SAS2 - ok
17:46:57.0602 3932 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:46:57.0618 3932 LSI_SCSI - ok
17:46:57.0762 3932 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:46:57.0804 3932 luafv - ok
17:46:57.0904 3932 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\Windows\system32\Drivers\LUsbFilt.Sys
17:46:57.0915 3932 LUsbFilt - ok
17:46:58.0010 3932 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:46:58.0024 3932 megasas - ok
17:46:58.0122 3932 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:46:58.0148 3932 MegaSR - ok
17:46:58.0298 3932 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:46:58.0350 3932 Modem - ok
17:46:58.0449 3932 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:46:58.0461 3932 monitor - ok
17:46:58.0574 3932 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:46:58.0584 3932 mouclass - ok
17:46:58.0719 3932 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:46:58.0739 3932 mouhid - ok
17:46:58.0818 3932 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
17:46:58.0833 3932 mountmgr - ok
17:46:58.0949 3932 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\drivers\mpio.sys
17:46:58.0967 3932 mpio - ok
17:46:59.0052 3932 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:46:59.0091 3932 mpsdrv - ok
17:46:59.0190 3932 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
17:46:59.0237 3932 MRxDAV - ok
17:46:59.0320 3932 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:46:59.0341 3932 mrxsmb - ok
17:46:59.0605 3932 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:46:59.0626 3932 mrxsmb10 - ok
17:46:59.0982 3932 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:00.0002 3932 mrxsmb20 - ok
17:47:00.0236 3932 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\drivers\msahci.sys
17:47:00.0252 3932 msahci - ok
17:47:00.0419 3932 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys
17:47:00.0435 3932 msdsm - ok
17:47:00.0591 3932 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:47:00.0632 3932 Msfs - ok
17:47:01.0176 3932 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:47:01.0234 3932 mshidkmdf - ok
17:47:01.0519 3932 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:47:01.0537 3932 msisadrv - ok
17:47:01.0717 3932 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:47:01.0753 3932 MSKSSRV - ok
17:47:01.0857 3932 msloop (ade6270c1003923e92a9bbba272133a9) C:\Windows\system32\DRIVERS\loop.sys
17:47:01.0877 3932 msloop - ok
17:47:01.0969 3932 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:47:02.0011 3932 MSPCLOCK - ok
17:47:02.0126 3932 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:47:02.0162 3932 MSPQM - ok
17:47:02.0390 3932 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:47:02.0409 3932 MsRPC - ok
17:47:02.0712 3932 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:47:02.0727 3932 mssmbios - ok
17:47:02.0958 3932 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:47:02.0994 3932 MSTEE - ok
17:47:03.0095 3932 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:47:03.0137 3932 MTConfig - ok
17:47:03.0234 3932 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:47:03.0249 3932 Mup - ok
17:47:03.0356 3932 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:47:03.0403 3932 NativeWifiP - ok
17:47:03.0519 3932 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
17:47:03.0547 3932 NDIS - ok
17:47:03.0684 3932 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:47:03.0728 3932 NdisCap - ok
17:47:03.0824 3932 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:47:03.0860 3932 NdisTapi - ok
17:47:03.0959 3932 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
17:47:03.0995 3932 Ndisuio - ok
17:47:04.0093 3932 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
17:47:04.0130 3932 NdisWan - ok
17:47:04.0222 3932 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
17:47:04.0258 3932 NDProxy - ok
17:47:04.0357 3932 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:47:04.0436 3932 NetBIOS - ok
17:47:04.0555 3932 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
17:47:04.0592 3932 NetBT - ok
17:47:04.0744 3932 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:47:04.0808 3932 nfrd960 - ok
17:47:04.0898 3932 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:47:04.0941 3932 Npfs - ok
17:47:05.0191 3932 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:47:05.0231 3932 nsiproxy - ok
17:47:05.0694 3932 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
17:47:05.0765 3932 Ntfs - ok
17:47:05.0876 3932 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:47:05.0928 3932 Null - ok
17:47:06.0040 3932 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\drivers\nvraid.sys
17:47:06.0061 3932 nvraid - ok
17:47:06.0177 3932 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\drivers\nvstor.sys
17:47:06.0198 3932 nvstor - ok
17:47:06.0299 3932 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:47:06.0319 3932 nv_agp - ok
17:47:06.0431 3932 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:47:06.0451 3932 ohci1394 - ok
17:47:06.0560 3932 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:47:06.0583 3932 Parport - ok
17:47:06.0719 3932 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
17:47:06.0734 3932 partmgr - ok
17:47:06.0845 3932 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:47:06.0864 3932 Parvdm - ok
17:47:06.0980 3932 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\drivers\pci.sys
17:47:07.0020 3932 pci - ok
17:47:07.0134 3932 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:47:07.0171 3932 pciide - ok
17:47:07.0275 3932 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:47:07.0293 3932 pcmcia - ok
17:47:07.0395 3932 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:47:07.0410 3932 pcw - ok
17:47:07.0508 3932 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:47:07.0557 3932 PEAUTH - ok
17:47:07.0749 3932 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:47:07.0790 3932 PptpMiniport - ok
17:47:08.0011 3932 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:47:08.0031 3932 Processor - ok
17:47:08.0294 3932 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:47:08.0370 3932 Psched - ok
17:47:08.0513 3932 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:47:08.0561 3932 ql2300 - ok
17:47:08.0701 3932 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:47:08.0717 3932 ql40xx - ok
17:47:08.0819 3932 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:47:08.0843 3932 QWAVEdrv - ok
17:47:08.0938 3932 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:47:08.0977 3932 RasAcd - ok
17:47:09.0080 3932 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:47:09.0121 3932 RasAgileVpn - ok
17:47:09.0210 3932 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:47:09.0250 3932 Rasl2tp - ok
17:47:09.0361 3932 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:47:09.0401 3932 RasPppoe - ok
17:47:09.0499 3932 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:47:09.0539 3932 RasSstp - ok
17:47:09.0703 3932 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
17:47:09.0744 3932 rdbss - ok
17:47:09.0844 3932 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:47:09.0865 3932 rdpbus - ok
17:47:09.0960 3932 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:47:09.0998 3932 RDPCDD - ok
17:47:10.0103 3932 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:47:10.0142 3932 RDPENCDD - ok
17:47:10.0261 3932 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:47:10.0296 3932 RDPREFMP - ok
17:47:10.0577 3932 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
17:47:10.0624 3932 RDPWD - ok
17:47:10.0940 3932 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
17:47:10.0959 3932 rdyboost - ok
17:47:11.0170 3932 RMCAST (b4090006a82eeb608c358ab5d37de85a) C:\Windows\system32\DRIVERS\RMCAST.sys
17:47:11.0210 3932 RMCAST - ok
17:47:11.0316 3932 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:47:11.0354 3932 rspndr - ok
17:47:11.0457 3932 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
17:47:11.0491 3932 RTL8167 - ok
17:47:11.0605 3932 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\drivers\sbp2port.sys
17:47:11.0622 3932 sbp2port - ok
17:47:11.0748 3932 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
17:47:11.0783 3932 scfilter - ok
17:47:11.0892 3932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:47:11.0931 3932 secdrv - ok
17:47:12.0038 3932 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:47:12.0056 3932 Serenum - ok
17:47:12.0157 3932 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:47:12.0175 3932 Serial - ok
17:47:12.0285 3932 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:47:12.0303 3932 sermouse - ok
17:47:12.0425 3932 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:47:12.0444 3932 sffdisk - ok
17:47:12.0548 3932 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:47:12.0567 3932 sffp_mmc - ok
17:47:12.0734 3932 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\drivers\sffp_sd.sys
17:47:12.0753 3932 sffp_sd - ok
17:47:12.0846 3932 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:47:12.0864 3932 sfloppy - ok
17:47:12.0977 3932 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:47:13.0015 3932 sisagp - ok
17:47:13.0113 3932 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:47:13.0128 3932 SiSRaid2 - ok
17:47:13.0375 3932 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:47:13.0390 3932 SiSRaid4 - ok
17:47:13.0571 3932 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:47:13.0608 3932 Smb - ok
17:47:13.0748 3932 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:47:13.0764 3932 spldr - ok
17:47:13.0871 3932 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\Windows\system32\Drivers\sptd.sys
17:47:13.0871 3932 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
17:47:13.0873 3932 sptd ( LockedFile.Multi.Generic ) - warning
17:47:13.0873 3932 sptd - detected LockedFile.Multi.Generic (1)
17:47:13.0996 3932 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
17:47:14.0018 3932 srv - ok
17:47:14.0131 3932 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
17:47:14.0170 3932 srv2 - ok
17:47:14.0272 3932 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
17:47:14.0290 3932 srvnet - ok
17:47:14.0383 3932 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
17:47:14.0389 3932 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:47:14.0389 3932 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:47:14.0494 3932 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:47:14.0508 3932 stexstor - ok
17:47:14.0747 3932 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:47:14.0761 3932 swenum - ok
17:47:14.0908 3932 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
17:47:14.0952 3932 Tcpip - ok
17:47:15.0083 3932 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
17:47:15.0130 3932 TCPIP6 - ok
17:47:15.0242 3932 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
17:47:15.0286 3932 tcpipreg - ok
17:47:15.0391 3932 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
17:47:15.0427 3932 TDPIPE - ok
17:47:15.0533 3932 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
17:47:15.0570 3932 TDTCP - ok
17:47:15.0876 3932 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
17:47:15.0913 3932 tdx - ok
17:47:16.0018 3932 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\drivers\termdd.sys
17:47:16.0033 3932 TermDD - ok
17:47:16.0154 3932 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:47:16.0190 3932 tssecsrv - ok
17:47:16.0334 3932 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
17:47:16.0371 3932 tunnel - ok
17:47:16.0454 3932 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:47:16.0471 3932 uagp35 - ok
17:47:16.0580 3932 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
17:47:16.0627 3932 udfs - ok
17:47:16.0752 3932 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:47:16.0794 3932 uliagpkx - ok
17:47:16.0913 3932 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\drivers\umbus.sys
17:47:16.0931 3932 umbus - ok
17:47:17.0030 3932 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:47:17.0048 3932 UmPass - ok
17:47:17.0154 3932 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
17:47:17.0173 3932 USBAAPL - ok
17:47:17.0302 3932 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
17:47:17.0321 3932 usbccgp - ok
17:47:17.0414 3932 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:47:17.0440 3932 usbcir - ok
17:47:17.0537 3932 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
17:47:17.0555 3932 usbehci - ok
17:47:17.0732 3932 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
17:47:17.0753 3932 usbhub - ok
17:47:17.0874 3932 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
17:47:17.0891 3932 usbohci - ok
17:47:18.0123 3932 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:47:18.0143 3932 usbprint - ok
17:47:18.0423 3932 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
17:47:18.0442 3932 usbscan - ok
17:47:18.0782 3932 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:47:18.0801 3932 USBSTOR - ok
17:47:18.0921 3932 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
17:47:18.0938 3932 usbuhci - ok
17:47:19.0052 3932 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:47:19.0067 3932 vdrvroot - ok
17:47:19.0170 3932 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:47:19.0213 3932 vga - ok
17:47:19.0309 3932 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:47:19.0345 3932 VgaSave - ok
17:47:19.0453 3932 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\drivers\vhdmp.sys
17:47:19.0470 3932 vhdmp - ok
17:47:19.0580 3932 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:47:19.0595 3932 viaagp - ok
17:47:19.0739 3932 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:47:19.0757 3932 ViaC7 - ok
17:47:19.0869 3932 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:47:19.0884 3932 viaide - ok
17:47:20.0002 3932 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\drivers\volmgr.sys
17:47:20.0017 3932 volmgr - ok
17:47:20.0125 3932 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:47:20.0144 3932 volmgrx - ok
17:47:20.0282 3932 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\drivers\volsnap.sys
17:47:20.0300 3932 volsnap - ok
17:47:20.0402 3932 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:47:20.0420 3932 vsmraid - ok
17:47:20.0521 3932 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
17:47:20.0541 3932 vwifibus - ok
17:47:20.0685 3932 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:47:20.0703 3932 WacomPen - ok
17:47:20.0825 3932 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
17:47:20.0862 3932 WANARP - ok
17:47:20.0916 3932 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
17:47:20.0953 3932 Wanarpv6 - ok
17:47:21.0194 3932 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:47:21.0209 3932 Wd - ok
17:47:21.0492 3932 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:47:21.0514 3932 Wdf01000 - ok
17:47:21.0812 3932 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:47:21.0849 3932 WfpLwf - ok
17:47:22.0111 3932 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:47:22.0129 3932 WIMMount - ok
17:47:22.0384 3932 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
17:47:22.0404 3932 WinUsb - ok
17:47:22.0715 3932 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:47:22.0735 3932 WmiAcpi - ok
17:47:23.0015 3932 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:47:23.0052 3932 ws2ifsl - ok
17:47:23.0275 3932 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
17:47:23.0288 3932 WsAudio_DeviceS(1) - ok
17:47:23.0373 3932 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
17:47:23.0383 3932 WsAudio_DeviceS(2) - ok
17:47:23.0485 3932 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
17:47:23.0495 3932 WsAudio_DeviceS(3) - ok
17:47:23.0597 3932 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
17:47:23.0607 3932 WsAudio_DeviceS(4) - ok
17:47:23.0749 3932 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
17:47:23.0759 3932 WsAudio_DeviceS(5) - ok
17:47:23.0873 3932 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
17:47:23.0910 3932 WudfPf - ok
17:47:24.0003 3932 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:47:24.0043 3932 WUDFRd - ok
17:47:24.0075 3932 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:47:24.0196 3932 \Device\Harddisk0\DR0 - ok
17:47:24.0200 3932 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:47:24.0248 3932 \Device\Harddisk1\DR1 - ok
17:47:24.0252 3932 Boot (0x1200) (f0c5e2050656b0eb018800e91346fde0) \Device\Harddisk0\DR0\Partition0
17:47:24.0254 3932 \Device\Harddisk0\DR0\Partition0 - ok
17:47:24.0295 3932 Boot (0x1200) (197b262e14b268a9b25d13c53a737d7b) \Device\Harddisk0\DR0\Partition1
17:47:24.0296 3932 \Device\Harddisk0\DR0\Partition1 - ok
17:47:24.0296 3932 ============================================================
17:47:24.0296 3932 Scan finished
17:47:24.0296 3932 ============================================================
17:47:24.0314 3856 Detected object count: 3
17:47:24.0314 3856 Actual detected object count: 3
17:47:32.0549 3856 atitray ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:32.0549 3856 atitray ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:32.0553 3856 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:47:32.0553 3856 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:47:32.0556 3856 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:32.0556 3856 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:34.0210 3780 Deinitialize success

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I'm sorry for the late reply.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
Daniel Tasayco

    Member

  • Topic Starter
  • Member
  • 21 posts
Graphics drivers still crash on certain processes =( Hope a reinstall will fix it.

-------------------------------
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Skippan :: PC [administrator]

Protection: Disabled

28/12/2011 15:52:33
mbam-log-2011-12-28 (15-52-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240540
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Daniel Tasayco, 28 December 2011 - 04:19 PM.


#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OTL Custom Scan

  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

#11
Daniel Tasayco

    Member

  • Topic Starter
  • Member
  • 21 posts
OTL logfile created on: 28/12/2011 19:42:32 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Instaladores\Portatiles
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 50,34% Memory free
3,93 Gb Paging File | 2,17 Gb Available in Paging File | 55,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 7,47 Gb Free Space | 19,12% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,80 Gb Free Space | 44,54% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 21,32 Gb Free Space | 14,31% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/21 13:34:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Instaladores\Portatiles\OTL.exe
PRC - [2011/10/25 21:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/01 23:45:51 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Steam1\steam.exe
PRC - [2011/05/24 11:02:16 | 000,929,792 | ---- | M] (Ray Adams) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/08 13:18:13 | 014,410,024 | ---- | M] () -- G:\Steam1\bin\libcef.dll
MOD - [2011/12/08 13:18:13 | 000,214,528 | ---- | M] () -- G:\Steam1\bin\mssvoice.asi
MOD - [2011/12/08 13:18:13 | 000,095,744 | ---- | M] () -- G:\Steam1\bin\mssmp3.asi
MOD - [2011/12/08 13:18:09 | 000,194,344 | ---- | M] () -- G:\Steam1\bin\chromehtml.dll
MOD - [2011/12/08 13:18:07 | 000,091,432 | ---- | M] () -- G:\Steam1\bin\avutil-50.dll
MOD - [2011/12/08 13:18:05 | 000,155,432 | ---- | M] () -- G:\Steam1\bin\avformat-52.dll
MOD - [2011/12/08 13:18:03 | 000,914,216 | ---- | M] () -- G:\Steam1\bin\avcodec-52.dll
MOD - [2011/10/14 09:14:17 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ae9d0d1289e64e7bf042108e547251ac\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/14 08:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 08:36:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 08:36:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 08:36:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/02/19 16:14:48 | 000,187,904 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/04/11 11:33:18 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_intelcpu.dll
MOD - [2008/04/09 11:08:46 | 000,016,896 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_amdcore.dll
MOD - [2007/09/14 10:35:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_cpuload.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/03/07 07:26:34 | 000,077,824 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\support.dll
MOD - [2007/03/07 07:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\kbdhook.dll
MOD - [2007/01/03 15:09:46 | 000,017,408 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_xvlt.dll
MOD - [2006/12/26 12:53:28 | 000,019,456 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_hdddtemp.dll
MOD - [2006/12/25 04:02:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mongraphsexample.dll
MOD - [2005/11/29 12:38:20 | 000,023,552 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\hddtemp.dll
MOD - [2005/11/29 12:34:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\pciset.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 15:26:36 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/08/02 09:29:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Project\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2011/12/27 20:52:26 | 000,022,112 | -HS- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/25 22:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/25 20:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/27 05:35:12 | 000,020,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/11/20 17:27:45 | 000,420,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/09/11 08:14:02 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/13 18:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/13 18:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Controlador de conexiones de red Gigabit Intel®
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-pe
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA BA 3A E8 79 5A CA 01 [binary data]
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50929

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.70.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50929
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Project\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Project\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2011/12/24 11:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2011/11/02 20:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/31 19:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Skippan\AppData\Roaming\IDM\idmmzcc5

[2011/02/24 15:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]
[2010/08/02 20:04:18 | 000,002,388 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-images-album-art-300x300.xml
[2010/08/02 20:03:24 | 000,002,686 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-imgenes.xml
[2009/05/25 18:53:21 | 000,002,996 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\imdb.xml
[2010/03/21 13:44:33 | 000,004,859 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\isohunt--bt-search.xml
[2011/12/04 15:14:13 | 000,000,727 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\podnapisinet.xml
[2009/07/20 21:39:58 | 000,002,305 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\rae---dle-aproximacin.xml
[2009/04/21 19:08:09 | 000,001,330 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-en.xml
[2009/11/11 14:37:26 | 000,001,348 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-es.xml
[2011/12/07 07:45:22 | 000,001,997 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wolframalpha.xml
[2009/04/20 16:27:00 | 000,001,546 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowhead.xml
[2009/04/20 15:46:21 | 000,001,905 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowwiki-en.xml
[2009/04/20 15:20:23 | 000,002,379 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wr-english-spanish.xml
[2009/05/25 18:53:21 | 000,002,431 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\youtube.xml
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/12/25 17:24:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Project\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [F.lux] C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - D:\Project\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\..Trusted Ranges: Range1979 ([http] in Sitios de confianza)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5FAC8AF-9297-40D3-94EF-BDB2CC4BCE6D}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 10:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 10:15:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 10:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 10:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\temp
[2011/12/25 17:24:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/25 16:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/25 16:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/25 16:52:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/25 16:52:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/25 16:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 16:39:28 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Skippan\Desktop\tdsskiller.exe
[2011/12/25 16:24:58 | 004,351,768 | R--- | C] (Swearware) -- C:\Users\Skippan\Desktop\Combo-Fix.exe
[2011/12/25 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2011/12/25 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/24 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/12/24 10:47:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/12/24 10:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/12/23 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\Skippan\Documents\23-12-2011
[2011/12/23 19:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/23 19:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/23 17:35:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/23 17:35:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/23 17:35:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/21 13:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes-BackupByMalwarebytesPortable
[2011/12/21 13:16:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Malwarebytes
[2011/12/18 21:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2011/12/18 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/12/15 07:59:46 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/15 07:59:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/15 07:59:43 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/15 07:59:43 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/15 07:59:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/15 07:59:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/15 07:59:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 07:59:38 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 07:59:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 07:59:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 07:59:36 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/15 07:59:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/15 07:59:27 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 07:59:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/15 07:58:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 07:58:31 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 07:58:30 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 07:58:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/13 16:01:15 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/12/11 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{52AF3B7A-6DCB-434D-AA54-64B91158BA46}
[2011/12/11 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{DCC9C6D0-1E4A-4936-93CF-2A5DAA2C39F9}
[2011/12/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/11 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/09 13:32:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/09 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA580
[2011/12/09 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/12/08 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ornamentum
[2011/12/04 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{B20F920D-DEEB-4821-82E5-99D6E6B81E27}
[2011/12/04 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{28944516-6CCF-4523-AD5D-A442BAFB1F2A}
[2011/12/04 22:12:43 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{7C8F2549-141E-4080-880B-7FA20C6B13EA}
[2011/11/30 20:02:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{946A01C8-53FC-4D24-8EA6-963A9142ED56}
[2011/11/30 20:01:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{66261D72-6ECD-4E51-AE89-4BACB5875D0C}
[2011/11/30 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2011/11/30 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\Windows Live Writer
[2011/11/29 22:04:51 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/11/29 22:04:21 | 000,000,000 | ---D | C] -- C:\Windows\es
[2011/11/29 21:49:43 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/11/29 21:49:42 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/11/29 21:40:59 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\Windows Live

========== Files - Modified Within 30 Days ==========

[2011/12/28 16:52:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 16:52:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 16:45:16 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/12/28 16:45:07 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2011/12/28 16:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 16:44:43 | 304,751,267 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/28 16:44:41 | 1582,206,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 09:53:00 | 000,176,764 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/12/26 19:12:34 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/12/26 19:12:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/26 19:12:34 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/12/26 19:12:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/25 17:24:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/25 16:48:10 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Skippan\Desktop\tdsskiller.exe
[2011/12/25 16:25:45 | 004,351,768 | R--- | M] (Swearware) -- C:\Users\Skippan\Desktop\Combo-Fix.exe
[2011/12/25 15:19:06 | 000,000,132 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/23 17:35:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/23 17:35:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/23 17:35:08 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/23 17:35:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/12/17 11:11:50 | 000,000,285 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/12/15 14:52:24 | 003,772,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 16:01:16 | 000,013,107 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/12/28 16:44:43 | 304,751,267 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/25 16:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/25 16:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/25 16:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/25 16:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/25 16:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 16:01:16 | 000,013,107 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/11/29 22:04:07 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/29 22:03:33 | 000,001,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/29 22:00:29 | 000,002,392 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/10/25 20:31:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/25 20:31:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 09:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/07/27 17:49:34 | 000,000,285 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/07/16 14:17:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/07/08 22:36:24 | 003,772,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/26 14:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 15:58:50 | 000,155,090 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/02/01 23:19:07 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/12/20 07:46:36 | 000,000,132 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/19 14:15:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/15 22:38:37 | 000,001,456 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2010/09/14 20:09:58 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/03 21:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/02 18:55:25 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/27 19:08:03 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/04/04 22:30:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/04/04 22:30:51 | 000,002,678 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010/03/02 16:55:36 | 000,022,328 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\PnkBstrK.sys
[2010/02/20 22:32:22 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/02/20 22:31:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/15 09:25:06 | 000,176,764 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 12:49:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/23 20:24:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/09 14:44:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95DBFB04A2.sys
[2009/11/09 14:44:22 | 000,002,984 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 18:46:58 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/31 18:46:58 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/31 18:05:53 | 000,007,611 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2009/07/14 03:48:37 | 000,703,602 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/07/14 03:48:37 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/07/14 03:48:37 | 000,137,600 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/07/14 03:48:37 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/20 14:08:13 | 009,226,664 | ---- | C] () -- C:\Users\Skippan\AppData\Local\IconCache (1).db
[2009/04/19 20:07:16 | 000,034,816 | ---- | C] () -- C:\Users\Skippan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 20:03:15 | 000,072,744 | ---- | C] () -- C:\Users\Skippan\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/08/28 01:45:15 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/02/04 13:16:10 | 000,074,240 | ---- | C] () -- C:\Windows\ogg.exe

========== LOP Check ==========

[2010/05/01 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\bitolithic
[2010/08/16 16:20:31 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DAEMON Tools Lite
[2010/11/20 17:34:49 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DAEMON Tools Pro
[2011/12/23 17:22:37 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DMCache
[2010/01/29 23:01:28 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\fofix
[2011/03/04 15:52:24 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\Foxit Software
[2011/09/23 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\GarenaMessenger
[2011/12/28 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\GarenaPlus
[2011/12/15 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\IDM
[2010/11/22 15:53:15 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\LoadScout
[2011/06/04 22:05:04 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\LolClient
[2011/06/01 13:09:35 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/08/01 15:21:34 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TeraCopy
[2010/06/02 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TS3Client
[2009/11/15 01:27:08 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TuneUp Software
[2011/12/15 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\uTorrent
[2011/12/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/04/25 23:52:16 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Amazon
[2011/12/28 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2010/05/01 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\bitolithic
[2010/12/06 23:05:44 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\BitTorrent
[2011/12/01 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Braid
[2011/12/24 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/07/21 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\calibre
[2010/11/27 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Canneverbe Limited
[2010/09/19 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/31 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Criterion Games
[2011/12/11 14:52:58 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\DMCache
[2011/02/07 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\fofix
[2009/10/31 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit
[2011/06/14 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit Software
[2011/01/26 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Leadertech
[2010/08/17 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LG Electronics
[2010/11/21 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LoadScout
[2011/02/24 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Logia
[2011/11/01 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\MinMaxGames
[2011/03/07 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\mkvtoolnix
[2010/11/28 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Mount&Blade Warband
[2011/07/22 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/12/23 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Opera
[2010/12/23 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Polynomial
[2011/07/26 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Rainmeter
[2010/08/16 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Red Alert 3
[2011/12/25 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TeraCopy
[2009/10/31 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\The Creative Assembly
[2009/11/14 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TuneUp Software
[2010/04/23 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Ubisoft
[2011/12/24 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\uTorrent
[2011/08/08 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Watchtower
[2011/11/30 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2009/11/01 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\WUU
[2010/06/17 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\Facebook
[2011/08/31 18:48:10 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\Foxit Software
[2010/08/16 16:21:53 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\IDM
[2009/11/16 10:09:11 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\TuneUp Software
[2011/02/24 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\calibre
[2010/09/18 15:27:25 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/23 08:47:07 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\DMCache
[2011/06/12 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\Foxit Software
[2011/12/10 11:46:27 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\IDM
[2011/08/01 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/04 13:41:20 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\TeraCopy
[2009/11/16 06:40:34 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\TuneUp Software
[2011/04/05 08:02:42 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\Watchtower
[2011/12/28 16:45:16 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011/12/02 15:27:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\ShowIconsCommand: "C:\Program Files\SRWare Iron\iron.exe" --show-icons [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\HideIconsCommand: "C:\Program Files\SRWare Iron\iron.exe" --hide-icons [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\ReinstallCommand: "C:\Program Files\SRWare Iron\iron.exe" --make-default-browser [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\shell\open\command\\: "C:\Program Files\SRWare Iron\iron.exe" [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /HideShortcuts [2011/12/24 11:51:33 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /ShowShortcuts [2011/12/24 11:51:33 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/24 11:51:33 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe" -preferences [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe" -safe-mode [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\ShowIconsCommand: "C:\Program Files\SRWare Iron\iron.exe" --show-icons [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\HideIconsCommand: "C:\Program Files\SRWare Iron\iron.exe" --hide-icons [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\InstallInfo\\ReinstallCommand: "C:\Program Files\SRWare Iron\iron.exe" --make-default-browser [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Chromium\shell\open\command\\: "C:\Program Files\SRWare Iron\iron.exe" [2011/06/01 15:35:36 | 001,176,064 | ---- | M] (SRWare)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /HideShortcuts [2011/12/24 11:51:33 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /ShowShortcuts [2011/12/24 11:51:33 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/24 11:51:33 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe" -preferences [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe" -safe-mode [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Step 1

Please uninstall the following programs (if present):
  • Conduit Engine

How to uninstall a program in Windows Vista & 7:

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program(s) listed above, and then click Uninstall. Some programs include the option to change or repair the program in addition to uninstalling it. But many simply offer the option to uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Step 2

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    IE - HKLM\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50929
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • OTL quick scan log

  • 0
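The two Firefox lines in the OTL fix above target a manual HTTP proxy pointing at the local machine. The Python sketch below is an added example, not part of the original thread or of OTL: it scans the text of a prefs.js file for proxy host prefs set to a loopback address. The sample file contents are constructed, and the network.proxy.type line in them is an assumption (the thread only shows the host and port values).

```python
import ipaddress
import re

# One prefs.js entry per line: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Firefox prefs that hold a manual proxy host; the port lives in "<name>_port".
HOST_PREFS = ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks")


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not user_pref
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]  # string pref (escapes left as-is; fine for hosts)
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # unknown literal, keep the raw text
        prefs[name] = value
    return prefs


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    host = host.strip().lower().strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def loopback_proxy_findings(text):
    """List proxy host prefs that point at the local machine.

    'active' is True only when network.proxy.type is explicitly 1 (manual
    proxy configuration), i.e. the browser is really using the entry.
    """
    prefs = parse_prefs(text)
    manual = prefs.get("network.proxy.type") == 1
    findings = []
    for key in HOST_PREFS:
        host = prefs.get(key)
        if isinstance(host, str) and host and is_loopback(host):
            findings.append({
                "pref": key,
                "host": host,
                "port": prefs.get(key + "_port"),
                "active": manual,
            })
    return findings


# Constructed sample: host and port as reported in the thread, type assumed.
SAMPLE_HIJACKED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50929);
user_pref("network.proxy.type", 1);
'''

# Constructed sample: a manual proxy on another host, which is not flagged.
SAMPLE_CLEAN = '''user_pref("network.proxy.http", "proxy.example.test");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''

if __name__ == "__main__":
    for finding in loopback_proxy_findings(SAMPLE_HIJACKED):
        print(finding)
```

A loopback proxy is also what some local filtering software sets up, so a finding should be matched against the process listening on the reported port before it is treated as malicious.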

#13
Daniel Tasayco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ not found.
File C:\Program Files\Messenger_Plus\prxtbMess.dll not found.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50929 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ not found.
File C:\Program Files\Messenger_Plus\prxtbMess.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
G:\Instaladores\Portatiles\cmd.bat deleted successfully.
G:\Instaladores\Portatiles\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: floppyc
->Temp folder emptied: 451604 bytes
->Temporary Internet Files folder emptied: 1967643 bytes
->Java cache emptied: 9163502 bytes
->FireFox cache emptied: 60060857 bytes
->Flash cache emptied: 7842 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Skippan
->Temp folder emptied: 31839137 bytes
->Temporary Internet Files folder emptied: 2630939 bytes
->Java cache emptied: 3751897 bytes
->FireFox cache emptied: 705284829 bytes
->Flash cache emptied: 22087 bytes

User: Thymaris
->Temp folder emptied: 59487 bytes
->Temporary Internet Files folder emptied: 528107 bytes
->Java cache emptied: 7881744 bytes
->FireFox cache emptied: 52817591 bytes
->Flash cache emptied: 50502 bytes

User: vencer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5281281 bytes
->Java cache emptied: 5121985 bytes
->FireFox cache emptied: 178320620 bytes
->Flash cache emptied: 64189 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 924143728 bytes
RecycleBin emptied: 1857144470 bytes

Total Files Cleaned = 3 668,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: floppyc
->Java cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

User: Skippan
->Java cache emptied: 0 bytes

User: Thymaris
->Java cache emptied: 0 bytes

User: vencer
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: floppyc
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

User: Skippan
->Flash cache emptied: 0 bytes

User: Thymaris
->Flash cache emptied: 0 bytes

User: vencer
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_104510

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 29/12/2011 10:55:41 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Instaladores\Portatiles
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,68% Memory free
3,93 Gb Paging File | 2,77 Gb Available in Paging File | 70,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 9,32 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,81 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 23,02 Gb Free Space | 15,45% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
PRC - [2011/12/24 11:51:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugin-container.exe
PRC - [2011/12/21 13:34:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Instaladores\Portatiles\OTL.exe
PRC - [2011/10/25 21:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/24 11:51:34 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\mozjs.dll
MOD - [2011/11/17 17:59:15 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/04 09:54:16 | 000,930,304 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/10/14 09:14:17 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ae9d0d1289e64e7bf042108e547251ac\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/14 08:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 08:36:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 08:36:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 08:36:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 15:26:36 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/08/02 09:29:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Project\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2011/12/27 20:52:26 | 000,022,112 | -HS- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/25 22:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/25 20:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/27 05:35:12 | 000,020,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/11/20 17:27:45 | 000,420,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/09/11 08:14:02 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/13 18:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/13 18:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Controlador de conexiones de red Gigabit Intel®
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-pe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA BA 3A E8 79 5A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50929

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.70.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50929
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Project\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Project\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2011/12/24 11:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2011/11/02 20:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/31 19:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Skippan\AppData\Roaming\IDM\idmmzcc5

[2011/02/24 15:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]
[2010/08/02 20:04:18 | 000,002,388 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-images-album-art-300x300.xml
[2010/08/02 20:03:24 | 000,002,686 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-imgenes.xml
[2009/05/25 18:53:21 | 000,002,996 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\imdb.xml
[2010/03/21 13:44:33 | 000,004,859 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\isohunt--bt-search.xml
[2011/12/04 15:14:13 | 000,000,727 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\podnapisinet.xml
[2009/07/20 21:39:58 | 000,002,305 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\rae---dle-aproximacin.xml
[2009/04/21 19:08:09 | 000,001,330 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-en.xml
[2009/11/11 14:37:26 | 000,001,348 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-es.xml
[2011/12/07 07:45:22 | 000,001,997 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wolframalpha.xml
[2009/04/20 16:27:00 | 000,001,546 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowhead.xml
[2009/04/20 15:46:21 | 000,001,905 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowwiki-en.xml
[2009/04/20 15:20:23 | 000,002,379 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wr-english-spanish.xml
[2009/05/25 18:53:21 | 000,002,431 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\youtube.xml
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/12/29 10:45:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Project\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [F.lux] C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - D:\Project\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Sitios de confianza)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5FAC8AF-9297-40D3-94EF-BDB2CC4BCE6D}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 10:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 10:15:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 10:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 10:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\temp
[2011/12/25 17:24:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/25 16:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/25 16:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/25 16:52:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/25 16:52:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/25 16:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 16:39:28 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Skippan\Desktop\tdsskiller.exe
[2011/12/25 16:24:58 | 004,351,768 | R--- | C] (Swearware) -- C:\Users\Skippan\Desktop\Combo-Fix.exe
[2011/12/25 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2011/12/25 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/24 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/12/24 10:47:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/12/24 10:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/12/23 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\Skippan\Documents\23-12-2011
[2011/12/23 19:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/23 19:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/21 13:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes-BackupByMalwarebytesPortable
[2011/12/21 13:16:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Malwarebytes
[2011/12/18 21:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2011/12/18 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/12/13 16:01:15 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/12/11 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{52AF3B7A-6DCB-434D-AA54-64B91158BA46}
[2011/12/11 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{DCC9C6D0-1E4A-4936-93CF-2A5DAA2C39F9}
[2011/12/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/11 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/09 13:32:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/09 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA580
[2011/12/09 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/12/08 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ornamentum
[2011/12/04 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{B20F920D-DEEB-4821-82E5-99D6E6B81E27}
[2011/12/04 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{28944516-6CCF-4523-AD5D-A442BAFB1F2A}
[2011/12/04 22:12:43 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{7C8F2549-141E-4080-880B-7FA20C6B13EA}
[2011/11/30 20:02:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{946A01C8-53FC-4D24-8EA6-963A9142ED56}
[2011/11/30 20:01:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{66261D72-6ECD-4E51-AE89-4BACB5875D0C}
[2011/11/30 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2011/11/30 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\Windows Live Writer
[2011/11/29 22:04:51 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/11/29 22:04:21 | 000,000,000 | ---D | C] -- C:\Windows\es
[2011/11/29 21:40:59 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\Windows Live

========== Files - Modified Within 30 Days ==========

[2011/12/29 10:55:56 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 10:55:56 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 10:48:47 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/12/29 10:48:38 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2011/12/29 10:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 10:48:15 | 1582,206,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 10:45:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/28 19:53:06 | 000,109,813 | ---- | M] () -- C:\Users\Skippan\Desktop\War3ENB.rar
[2011/12/28 16:44:43 | 304,751,267 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/28 09:53:00 | 000,176,764 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/12/26 19:12:34 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/12/26 19:12:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/26 19:12:34 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/12/26 19:12:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/25 16:48:10 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Skippan\Desktop\tdsskiller.exe
[2011/12/25 16:25:45 | 004,351,768 | R--- | M] (Swearware) -- C:\Users\Skippan\Desktop\Combo-Fix.exe
[2011/12/25 15:19:06 | 000,000,132 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/17 11:11:50 | 000,000,285 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/12/15 14:52:24 | 003,772,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 16:01:16 | 000,013,107 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/12/28 19:52:59 | 000,109,813 | ---- | C] () -- C:\Users\Skippan\Desktop\War3ENB.rar
[2011/12/28 16:44:43 | 304,751,267 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/25 16:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/25 16:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/25 16:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/25 16:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/25 16:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 16:01:16 | 000,013,107 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/11/29 22:04:07 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/29 22:03:33 | 000,001,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/29 22:00:29 | 000,002,392 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/10/25 20:31:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/25 20:31:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 09:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/07/27 17:49:34 | 000,000,285 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/07/16 14:17:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/07/08 22:36:24 | 003,772,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/26 14:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 15:58:50 | 000,155,090 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/02/01 23:19:07 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/12/20 07:46:36 | 000,000,132 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/19 14:15:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/15 22:38:37 | 000,001,456 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2010/09/14 20:09:58 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/03 21:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/02 18:55:25 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/27 19:08:03 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/04/04 22:30:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/04/04 22:30:51 | 000,002,678 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010/03/02 16:55:36 | 000,022,328 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\PnkBstrK.sys
[2010/02/20 22:32:22 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/02/20 22:31:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/15 09:25:06 | 000,176,764 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 12:49:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/23 20:24:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/09 14:44:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95DBFB04A2.sys
[2009/11/09 14:44:22 | 000,002,984 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 18:46:58 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/31 18:46:58 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/31 18:05:53 | 000,007,611 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2009/07/14 03:48:37 | 000,703,602 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/07/14 03:48:37 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/07/14 03:48:37 | 000,137,600 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/07/14 03:48:37 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/20 14:08:13 | 009,226,664 | ---- | C] () -- C:\Users\Skippan\AppData\Local\IconCache (1).db
[2009/04/19 20:07:16 | 000,034,816 | ---- | C] () -- C:\Users\Skippan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 20:03:15 | 000,072,744 | ---- | C] () -- C:\Users\Skippan\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/08/28 01:45:15 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/02/04 13:16:10 | 000,074,240 | ---- | C] () -- C:\Windows\ogg.exe

========== LOP Check ==========

[2011/12/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/04/25 23:52:16 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Amazon
[2011/12/28 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2010/05/01 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\bitolithic
[2010/12/06 23:05:44 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\BitTorrent
[2011/12/01 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Braid
[2011/12/24 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/07/21 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\calibre
[2010/11/27 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Canneverbe Limited
[2010/09/19 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/31 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Criterion Games
[2011/12/11 14:52:58 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\DMCache
[2011/02/07 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\fofix
[2009/10/31 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit
[2011/06/14 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit Software
[2011/01/26 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Leadertech
[2010/08/17 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LG Electronics
[2010/11/21 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LoadScout
[2011/02/24 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Logia
[2011/11/01 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\MinMaxGames
[2011/03/07 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\mkvtoolnix
[2010/11/28 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Mount&Blade Warband
[2011/07/22 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/12/23 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Opera
[2010/12/23 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Polynomial
[2011/07/26 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Rainmeter
[2010/08/16 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Red Alert 3
[2011/12/25 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TeraCopy
[2009/10/31 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\The Creative Assembly
[2009/11/14 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TuneUp Software
[2010/04/23 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Ubisoft
[2011/12/24 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\uTorrent
[2011/08/08 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Watchtower
[2011/11/30 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2009/11/01 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\WUU
[2011/12/29 10:48:47 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011/12/02 15:27:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0
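The file-listing lines in the OTL report above all share one fixed layout. As an added example (not part of the original thread and not OTL's own code), this Python parser reads that layout and lists entries worth a manual look; the two review heuristics and all function names are assumptions made for illustration, and the sample lines are copied from the report above.

```python
import re
from datetime import datetime

# Layout seen in the report: [date time | size | attributes | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

def parse_line(line):
    """Parse one listing line into a dict; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],            # R, H, S, D flags, "-" when unset
        "kind": m["kind"],              # C = created, M = modified
        "company": m["company"] or "",  # empty when the file has no company name
        "path": m["path"],
    }

def review_reasons(entry):
    """Assumed heuristics: reasons to inspect an entry by hand, not verdicts."""
    reasons = []
    if "D" in entry["attrs"]:
        return reasons                  # directories are skipped
    path = entry["path"].lower()
    if entry["company"] == "" and "H" in entry["attrs"]:
        reasons.append("hidden file with no company name")
    if path.endswith(".sys") and not path.startswith(DRIVER_DIR):
        reasons.append(".sys file outside the drivers directory")
    return reasons

def triage(report_text):
    """Return (path, reasons) for every parsed entry with at least one reason."""
    entries = filter(None, map(parse_line, report_text.splitlines()))
    return [(e["path"], r) for e in entries if (r := review_reasons(e))]

# Sample lines copied from the report above.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2011/12/29 10:55:56 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 16:48:10 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Skippan\Desktop\tdsskiller.exe
[2009/11/09 14:44:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95DBFB04A2.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/29 22:04:21 | 000,000,000 | ---D | C] -- C:\Windows\es
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A flagged entry is only a prompt to check the file's origin; legitimate hidden system files will match the same heuristics.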

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please uninstall Firefox and then reboot your computer. Then download latest version of Firefox and install it.

NEXT...

OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#15
Daniel Tasayco

    Member

  • Topic Starter
  • 21 posts
Firefox is at 9.0.1. The folder name is Firefox Beta 3.6 because that was the first version that I installed.
Do you still want the OTL custom scan?

Edited by Daniel Tasayco, 29 December 2011 - 01:19 PM.

  • 0





