Believe to have a virus of some sort [Solved]


  • This topic is locked

#1
trips487

  • Member
  • 186 posts
Lately I've been getting emails from Hotmail claiming that someone is trying to brute force my Hotmail account. I have changed all the info for both Hotmail and the Gmail account connected to it. I am still, however, getting these emails from Hotmail, and my MSN seems to be signing off occasionally. I have downloaded Advanced SystemCare and it shows that I have some backdoor frauder. Funny thing is that it may be a false positive, just because it says that it fixes that but it keeps showing up each time I run a scan. Please help me and let me know if I have some sort of virus on my PC. Also, please let me know if I am still in danger of my Hotmail being hacked into, as I am still getting emails. I would like them to stop eventually. Thank you.


Here is the OTL log that is requested.

OTL logfile created on: 6/7/2012 12:57:21 AM - Run 1
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Jfarelas\Downloads
64bit-Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 45.45% Memory free
8.00 Gb Paging File | 4.77 Gb Available in Paging File | 59.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 324.40 Gb Free Space | 71.92% Space Free | Partition Type: NTFS

Computer Name: JFARELAS-PC | User Name: Jfarelas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/07 00:57:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jfarelas\Downloads\OTL.exe
PRC - [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jfarelas\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/29 11:57:24 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/29 11:57:23 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 11:06:17 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 04:13:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 03:55:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 03:37:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:36:59 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll
MOD - [2012/05/12 03:36:40 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/12 03:36:24 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 03:36:18 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 03:36:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/12 03:36:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:35:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:35:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:35:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:35:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/05 08:04:07 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/29 11:57:24 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/29 11:57:23 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 16:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 16:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 08:27:23 | 000,476,160 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2010/11/20 08:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/11/20 08:26:39 | 000,569,344 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2010/11/20 08:25:49 | 000,080,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 20:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009/07/13 20:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/05/03 03:49:48 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbtcoms.exe -- (lxbt_device)
SRV - [2012/06/06 11:06:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/05/22 22:35:24 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/05 08:04:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/29 11:57:24 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/06/07 09:08:00 | 004,825,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/09 19:57:08 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/09 19:46:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 20:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/28 21:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/28 00:12:00 | 000,182,872 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2011/09/28 00:12:00 | 000,107,096 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2011/09/28 00:12:00 | 000,097,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2BthF.sys -- (Mkd2Bthf)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 07:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/05/11 23:24:58 | 000,050,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\koramgame\STOnline\avital\wyqku64.sys -- (uqk)
DRV - [2012/04/15 17:58:18 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/30 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E63A738-CFC5-44B1-8187-CED0C8ABFC4D}
IE:64bit: - HKLM\..\SearchScopes\{0E63A738-CFC5-44B1-8187-CED0C8ABFC4D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKLM\..\SearchScopes\{E9C1531F-6396-405E-91A3-C7E6260BBC9E}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...DT3&ocid=bdtdhp
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {2FD59BD9-496D-43F8-9121-9E4CEEE174BB}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff19829ea8
IE - HKCU\..\SearchScopes\{2FD59BD9-496D-43F8-9121-9E4CEEE174BB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8EA94DB3-7D8A-42FF-BFF7-5005AE386A83}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-04-19 02:11:51&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKCU\..\SearchScopes\{B93A2DEA-4568-406F-83EF-5FFC71D8FACD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:9050

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll File not found
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jfarelas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Jfarelas\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\OpinionSquare
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/23 01:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 09:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/29 11:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/07 19:37:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 08:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 11:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/12 00:02:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 11:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/12 00:02:29 | 000,000,000 | ---D | M]

[2011/02/19 02:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions
[2011/02/19 02:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/17 20:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions
[2012/04/17 20:38:45 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]
[2012/03/25 12:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\staged
[2012/05/13 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\sgjxpb9b.default\extensions
[2012/04/30 12:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/31 15:23:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/06 11:06:18 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/05 14:51:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/12 21:40:57 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
CHR - plugin: AhnLab Online Security Anti-keylogger (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npNxGame.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jfarelas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Jfarelas\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AOL Lifestream = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnabicdoplelkdcpdiodoodgdebaolcn\1.0.0.5_0\
CHR - Extension: AdBlock = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.30_0\
CHR - Extension: AVG Safe Search = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Poppit = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/04/19 01:37:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jfarelas\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXBTCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXBTtime.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jfarelas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jfarelas\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://platform.nex...nlab/aosmgr.cab (Aosmgr Control)
O16 - DPF: {0D8004AA-A1CB-4F92-BBEB-0A824B1EE2A2} http://ws.nopp.co.kr.../HGLauncher.cab (HGLauncher Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://d1ylr6sba64qi...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54DAE659-3733-41D7-A1AB-9628E6A64F76}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1E5918D-296B-48BD-92FD-B4B9653DB506}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 00:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/07 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/06 14:39:03 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{71D820C1-925E-47E7-8F50-39E8B671D688}
[2012/06/06 02:38:26 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{092610F6-1F2B-459D-A766-4979F5B0346F}
[2012/06/05 14:37:50 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6AF2E6FF-FF4F-4403-BFB5-7D3FC8014B53}
[2012/06/05 02:37:14 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{BEB2DB6B-FEA3-4E71-B5E7-3A6C35D735BC}
[2012/06/05 02:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePresenter
[2012/06/05 02:18:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Documents\ActivePresenter
[2012/06/05 02:15:24 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\ActivePresenter
[2012/06/05 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
[2012/06/05 02:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATOMI
[2012/06/04 14:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F8792848-E99F-4198-8156-911F26117FD9}
[2012/06/04 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{8CF08B7E-3901-4ABA-B079-8770256A4543}
[2012/06/01 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{52190482-4EF8-493E-B2EE-3BDF7B852BD9}
[2012/06/01 11:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{189A5844-CF7C-4BBD-953D-E35B7E4EDBC6}
[2012/05/31 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6B954DF5-6F6D-4993-A986-C45AB1F2D045}
[2012/05/31 11:35:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A66EC326-F778-4578-9CA3-0C497D705D8B}
[2012/05/30 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{C23CED9B-2698-4B95-8AC8-256A9CD74101}
[2012/05/30 23:34:14 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5EEECD08-319C-4094-B2A4-AD504B8648EF}
[2012/05/30 11:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{DEB1D29D-DC38-496B-9312-29371698663B}
[2012/05/29 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{99E81964-443D-40F0-B92F-802651B00559}
[2012/05/29 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E0E878E0-4D68-422D-85E9-73251292B42A}
[2012/05/29 09:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/28 23:32:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{2C35C83E-9D37-471C-8F37-952C9F9A95A0}
[2012/05/28 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F5499DB7-E977-42D3-A99F-B3E29658B35D}
[2012/05/28 11:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0B34E010-9EB1-414D-A79D-EC280DC9E40F}
[2012/05/27 10:42:02 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\GMSMultipleMaplesV1.10c
[2012/05/27 00:14:28 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5CE92C9D-E30F-4A2F-B34A-46B9C89B9512}
[2012/05/26 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{36735765-409E-4864-AEA6-0C15B0861980}
[2012/05/26 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{058E7D71-AB2C-4E03-AC3C-D489FC11ACF6}
[2012/05/25 12:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6BBF92EF-A51A-43A8-87D0-B6A30F854DB2}
[2012/05/25 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{517926A8-4E16-40B2-9087-213396ACFE15}
[2012/05/25 00:11:53 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{916E1D77-B819-4437-9E2D-2FA0BEE7BACA}
[2012/05/25 00:11:42 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{D58744F2-9BCD-49AF-B02E-B2076250EC60}
[2012/05/24 19:37:08 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\MapleStory
[2012/05/24 12:10:56 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{8E9F16AB-214E-4D7B-BA69-B5ED85E7E46A}
[2012/05/24 12:10:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{7A0C6C71-E7CC-489E-B0B6-12FF98E4BE15}
[2012/05/24 12:10:34 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A4D2BABD-130D-4C91-99FB-368C4C96B44D}
[2012/05/24 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{1F3A4A5E-4883-449C-BFD8-A21ECD293073}
[2012/05/23 12:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A22781F7-3F9B-4DDD-B909-B0F0F2F4667F}
[2012/05/23 00:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{41AF81D1-C665-413C-AB30-FC3E3A55C42D}
[2012/05/22 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Unity
[2012/05/22 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{DFAE591B-827A-4E9D-A640-6F60BE2776D5}
[2012/05/22 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0C0D609B-3186-4B12-ACF5-F9A1D783E6D9}
[2012/05/22 00:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E857EED4-9F70-4941-B875-D4728033BC70}
[2012/05/20 02:32:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E26020CC-4742-4756-9702-9C7D3E8CF760}
[2012/05/19 03:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{EF402122-C6B3-405D-85D2-E8E4BE98F231}
[2012/05/19 03:27:58 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{4880D5C7-9620-4EC6-9638-397FC4CBC18C}
[2012/05/17 21:44:17 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/16 15:26:09 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E7B60EC6-6133-4001-BD9D-F8FF7B7C771B}
[2012/05/16 01:18:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{55DBEE05-E53F-4BB2-B053-6E979E05DDAC}
[2012/05/14 23:40:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0E47E3C6-A301-46E8-8421-8682EB8DB688}
[2012/05/14 23:39:54 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{55F5B13D-B8FE-4D84-99D1-4BCAD7579D53}
[2012/05/14 13:59:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Documents\Diablo III
[2012/05/14 13:19:55 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{08869591-C6B0-4376-836C-B5DB8B272796}
[2012/05/14 12:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/14 12:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/14 12:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2012/05/14 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{61A830ED-5045-4206-A1C5-5CFC898ECFD7}
[2012/05/13 18:52:34 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5A8E2F91-CFB5-4ED2-9B9A-1F855B8103AE}
[2012/05/13 06:52:08 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{2A2BCC17-C12B-487E-B86C-977D753FF7C5}
[2012/05/12 18:51:27 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6E4A8C14-48F3-489C-A02B-86865D2459B2}
[2012/05/12 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{7C206B3B-08DC-45D2-9CE5-6DC8EF860AEA}
[2012/05/12 03:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/12 03:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/12 01:23:06 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{1E68DC1C-0F21-42E1-BC69-51E7D2C519FF}
[2012/05/11 23:08:46 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\KlLauncherST
[2012/05/11 23:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\koramgame
[2012/05/11 23:06:07 | 000,000,000 | ---D | C] -- C:\koramgame
[2012/05/11 13:22:29 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{772415C6-57DC-45E7-9F05-C0E417E4FC2A}
[2012/05/11 13:22:07 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F10ADD36-9B8A-4B87-AE6C-95B3C18F153A}
[2012/05/10 12:58:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{05AA807E-1181-4927-B509-B1B2F3DF93C8}
[2012/05/10 12:57:53 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F6706E7F-5EDC-45D7-A161-C0F73AE1DE62}
[2012/05/10 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{7B97FE63-C0C1-4851-973A-3228D9EE6837}
[2012/05/10 00:57:06 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E758538D-98CE-43EC-A0B3-282BA2B4093C}
[2012/05/09 19:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5F54F0B7-7930-4E56-A7C7-D3C774BD6701}
[2012/05/08 17:57:08 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\GMSMultipleMaplesV1.092
[2012/05/08 17:56:56 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\GMSMultipleMaplesV1.09
[2012/05/08 17:16:09 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{68A4A460-FCEE-4B5C-BF65-E60EEF6574C8}
[2012/05/08 17:15:47 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5D1F36A8-FC8D-4775-9A1D-E69C1DAC98E8}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/07 00:46:50 | 000,002,991 | ---- | M] () -- C:\Users\Jfarelas\Desktop\HiJackThis.lnk
[2012/06/07 00:43:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000UA.job
[2012/06/07 00:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/06 18:41:56 | 099,900,957 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/06 09:43:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000Core.job
[2012/06/05 19:05:59 | 000,001,274 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/06/05 19:05:58 | 000,001,247 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/06/05 19:05:58 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/06/05 15:01:19 | 012,674,048 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Maple Abroad.avi.approj
[2012/06/05 02:15:12 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Active Presenter.lnk
[2012/06/05 02:15:12 | 000,002,141 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\ActivePresenter.lnk
[2012/06/02 21:31:34 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/05/31 23:14:06 | 000,000,989 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/31 23:14:06 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/30 20:07:25 | 000,001,605 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/05/29 18:41:21 | 000,499,171 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/29 09:03:39 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/27 10:43:21 | 000,001,031 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Launcher - Shortcut.lnk
[2012/05/26 08:22:20 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 08:22:20 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 11:27:01 | 000,000,248 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2012/05/25 11:25:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/25 11:25:32 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 12:23:15 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/12 03:30:50 | 004,903,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/12 03:09:03 | 000,784,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/12 03:09:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/12 03:09:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/11 23:08:42 | 000,001,604 | ---- | M] () -- C:\Users\Public\Desktop\Spirit Tales.lnk
[2012/05/10 15:26:32 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 00:46:50 | 000,002,991 | ---- | C] () -- C:\Users\Jfarelas\Desktop\HiJackThis.lnk
[2012/06/05 19:05:58 | 000,001,247 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/06/05 19:05:58 | 000,001,223 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/06/05 15:01:18 | 012,674,048 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Maple Abroad.avi.approj
[2012/06/05 02:15:12 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Active Presenter.lnk
[2012/06/05 02:15:12 | 000,002,141 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\ActivePresenter.lnk
[2012/06/02 21:30:15 | 003,756,544 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Paint.NET.3.5.10.Install.exe
[2012/05/31 23:14:06 | 000,000,989 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/31 23:14:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/30 20:07:25 | 000,001,605 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/05/27 10:43:21 | 000,001,031 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Launcher - Shortcut.lnk
[2012/05/14 12:22:52 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/11 23:08:42 | 000,001,604 | ---- | C] () -- C:\Users\Public\Desktop\Spirit Tales.lnk
[2012/04/19 01:16:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/19 01:16:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/19 01:16:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/19 01:16:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/19 01:16:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/28 19:41:01 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2012/03/28 19:27:45 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2012/03/28 18:57:58 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2012/03/17 17:28:36 | 000,086,394 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\terrain.png
[2012/03/17 17:28:36 | 000,011,771 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\particles.png
[2012/03/17 17:28:36 | 000,006,667 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\color.properties
[2012/03/17 17:28:36 | 000,004,733 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\pack.png
[2011/06/30 15:20:51 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/10 23:05:03 | 000,003,584 | ---- | C] () -- C:\Users\Jfarelas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 15:02:09 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtserv.dll
[2011/03/29 15:02:09 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtusb1.dll
[2011/03/29 15:02:09 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbthbn3.dll
[2011/03/29 15:02:09 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcomc.dll
[2011/03/29 15:02:09 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtpmui.dll
[2011/03/29 15:02:09 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtlmpm.dll
[2011/03/29 15:02:09 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcoms.exe
[2011/03/29 15:02:09 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcomm.dll
[2011/03/29 15:02:09 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtinpa.dll
[2011/03/29 15:02:09 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtiesc.dll
[2011/03/29 15:02:09 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtih.exe
[2011/03/29 15:02:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxbtcomx.dll
[2011/03/29 15:02:09 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcfg.exe
[2011/03/29 15:02:09 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxbtinst.dll
[2011/03/29 15:02:09 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtppls.exe
[2011/03/29 15:02:09 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtprox.dll
[2011/03/29 15:02:09 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtpplc.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/04 13:09:11 | 000,007,597 | ---- | C] () -- C:\Users\Jfarelas\AppData\Local\Resmon.ResmonCfg
[2010/11/26 14:22:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/19 18:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/16 01:50:53 | 000,001,032 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\wklnhst.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/20 23:15:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== LOP Check ==========

[2012/04/14 23:28:28 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\.minecraft
[2010/08/08 14:05:48 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\acccore
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\achievement
[2011/01/12 23:41:31 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Acreon
[2012/06/05 23:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\ActivePresenter
[2012/02/01 23:25:18 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\anim
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\armor
[2012/04/16 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Avant Downloader
[2012/04/19 02:11:03 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\AVG2012
[2012/04/17 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Babylon
[2012/05/25 11:27:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\BITS
[2012/06/05 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\BitTorrent
[2011/11/13 23:32:53 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\CoreFTP
[2012/01/29 21:37:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\environment
[2012/01/02 15:22:03 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\EurekaLog
[2012/06/02 13:44:50 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FileZilla
[2012/03/28 19:41:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashGet
[2012/03/28 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashGetBHO
[2012/03/28 18:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashgetSetup
[2012/02/10 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Foxit Software
[2012/02/01 18:41:04 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\gui
[2012/06/05 19:06:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\IObit
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\item
[2012/05/11 23:08:46 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\KlLauncherST
[2012/01/28 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\LolClient
[2012/02/24 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\misc
[2012/02/26 16:36:30 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\mob
[2011/03/24 22:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\NeopleLauncherDFO
[2010/08/09 14:35:27 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\OpenOffice.org
[2012/04/17 00:41:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Opera
[2011/06/30 15:01:45 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Publish Providers
[2011/06/04 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\RoboForm
[2012/01/07 22:21:27 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\S.A.D
[2010/09/21 07:49:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Sony
[2012/04/15 17:56:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\SystemRequirementsLab
[2011/03/01 10:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\TeamViewer
[2011/02/24 02:33:10 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Template
[2012/03/04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\terrain
[2012/05/22 19:28:51 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Unity
[2010/10/21 14:55:12 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Windows Live Writer
[2012/03/04 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\__MACOSX
[2012/06/06 09:43:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000Core.job
[2012/06/07 00:43:02 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000UA.job
[2011/08/16 20:10:56 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >


#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello trips487, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
    I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstalling programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.
In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.


I am reviewing your log.

We need to delete OTL from the downloads folder. It needs to be run from the desktop.

Delete the old OTL and download a fresh copy

  • Open OTL in the Downloads folder.
  • Click the Posted Image button.
    • This will remove OTL and the log files from the Downloads folder.
  • Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)


Step-1.

Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
createrestorepoint
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console<---Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use Safelist<---Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. A file named Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-3.

1. The new OTL.txt log
2. The Extras.txt log
3. The aswMBR log

#3
trips487

    Member

  • Topic Starter
  • Member
  • 186 posts
Here are the logs you suggested. Thank you for the fast reply.

OTL log:

OTL logfile created on: 6/7/2012 8:05:52 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Jfarelas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.59% Memory free
8.00 Gb Paging File | 5.90 Gb Available in Paging File | 73.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 327.53 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

Computer Name: JFARELAS-PC | User Name: Jfarelas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/07 20:02:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
PRC - [2012/06/07 20:01:13 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
PRC - [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/28 15:56:36 | 000,288,128 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jfarelas\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/29 11:57:24 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/29 11:57:23 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 20:01:13 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
MOD - [2012/06/06 11:06:17 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 04:13:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 03:55:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 03:37:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:36:59 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll
MOD - [2012/05/12 03:36:40 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/12 03:36:24 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 03:36:18 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 03:36:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/12 03:36:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:35:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:35:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:35:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:35:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/05 08:04:07 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/29 11:57:24 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/29 11:57:23 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/02/09 13:38:27 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 16:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 16:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/05/03 03:49:48 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbtcoms.exe -- (lxbt_device)
SRV - [2012/06/06 11:06:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/05/22 22:35:24 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/05 08:04:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/29 11:57:24 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/06/07 09:08:00 | 004,825,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/09 19:57:08 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/09 19:46:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/28 21:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/28 00:12:00 | 000,182,872 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2011/09/28 00:12:00 | 000,107,096 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2011/09/28 00:12:00 | 000,097,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2BthF.sys -- (Mkd2Bthf)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 07:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/05/11 23:24:58 | 000,050,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\koramgame\STOnline\avital\wyqku64.sys -- (uqk)
DRV - [2012/04/15 17:58:18 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/30 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E63A738-CFC5-44B1-8187-CED0C8ABFC4D}
IE:64bit: - HKLM\..\SearchScopes\{0E63A738-CFC5-44B1-8187-CED0C8ABFC4D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKLM\..\SearchScopes\{E9C1531F-6396-405E-91A3-C7E6260BBC9E}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...DT3&ocid=bdtdhp
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes,DefaultScope = {2FD59BD9-496D-43F8-9121-9E4CEEE174BB}
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff19829ea8
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{2FD59BD9-496D-43F8-9121-9E4CEEE174BB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{8EA94DB3-7D8A-42FF-BFF7-5005AE386A83}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-04-19 02:11:51&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{B93A2DEA-4568-406F-83EF-5FFC71D8FACD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:9050

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll File not found
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jfarelas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Jfarelas\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\OpinionSquare
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/23 01:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 09:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/29 11:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/07 19:37:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 08:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 11:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/12 00:02:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 11:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/12 00:02:29 | 000,000,000 | ---D | M]

[2011/02/19 02:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions
[2011/02/19 02:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/17 20:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions
[2012/04/17 20:38:45 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]
[2012/03/25 12:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\staged
[2012/05/13 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\sgjxpb9b.default\extensions
[2012/04/30 12:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/31 15:23:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/06 11:06:18 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/05 14:51:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/12 21:40:57 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
CHR - plugin: AhnLab Online Security Anti-keylogger (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npNxGame.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jfarelas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Jfarelas\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AOL Lifestream = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnabicdoplelkdcpdiodoodgdebaolcn\1.0.0.5_0\
CHR - Extension: AdBlock = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.30_0\
CHR - Extension: AVG Safe Search = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Poppit = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/04/19 01:37:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jfarelas\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXBTCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXBTtime.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000..\Run: [Akamai NetSession Interface] C:\Users\Jfarelas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000..\Run: [Facebook Update] C:\Users\Jfarelas\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://platform.nex...nlab/aosmgr.cab (Aosmgr Control)
O16 - DPF: {0D8004AA-A1CB-4F92-BBEB-0A824B1EE2A2} http://ws.nopp.co.kr.../HGLauncher.cab (HGLauncher Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://d1ylr6sba64qi...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54DAE659-3733-41D7-A1AB-9628E6A64F76}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1E5918D-296B-48BD-92FD-B4B9653DB506}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 20:02:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
[2012/06/07 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{31BCD908-4BE3-4D8B-9663-2DD32C4B5496}
[2012/06/07 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{395A9878-6821-428C-916C-4D7CF585B8A5}
[2012/06/07 00:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/07 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/06 14:39:03 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{71D820C1-925E-47E7-8F50-39E8B671D688}
[2012/06/06 02:38:26 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{092610F6-1F2B-459D-A766-4979F5B0346F}
[2012/06/05 14:37:50 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6AF2E6FF-FF4F-4403-BFB5-7D3FC8014B53}
[2012/06/05 02:37:14 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{BEB2DB6B-FEA3-4E71-B5E7-3A6C35D735BC}
[2012/06/05 02:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePresenter
[2012/06/05 02:18:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Documents\ActivePresenter
[2012/06/05 02:15:24 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\ActivePresenter
[2012/06/05 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
[2012/06/05 02:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATOMI
[2012/06/04 14:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F8792848-E99F-4198-8156-911F26117FD9}
[2012/06/04 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{8CF08B7E-3901-4ABA-B079-8770256A4543}
[2012/06/01 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{52190482-4EF8-493E-B2EE-3BDF7B852BD9}
[2012/06/01 11:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{189A5844-CF7C-4BBD-953D-E35B7E4EDBC6}
[2012/05/31 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6B954DF5-6F6D-4993-A986-C45AB1F2D045}
[2012/05/31 11:35:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A66EC326-F778-4578-9CA3-0C497D705D8B}
[2012/05/30 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{C23CED9B-2698-4B95-8AC8-256A9CD74101}
[2012/05/30 23:34:14 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5EEECD08-319C-4094-B2A4-AD504B8648EF}
[2012/05/30 11:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{DEB1D29D-DC38-496B-9312-29371698663B}
[2012/05/29 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{99E81964-443D-40F0-B92F-802651B00559}
[2012/05/29 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E0E878E0-4D68-422D-85E9-73251292B42A}
[2012/05/29 09:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/28 23:32:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{2C35C83E-9D37-471C-8F37-952C9F9A95A0}
[2012/05/28 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F5499DB7-E977-42D3-A99F-B3E29658B35D}
[2012/05/28 11:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0B34E010-9EB1-414D-A79D-EC280DC9E40F}
[2012/05/27 10:42:02 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\GMSMultipleMaplesV1.10c
[2012/05/27 00:14:28 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5CE92C9D-E30F-4A2F-B34A-46B9C89B9512}
[2012/05/26 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{36735765-409E-4864-AEA6-0C15B0861980}
[2012/05/26 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{058E7D71-AB2C-4E03-AC3C-D489FC11ACF6}
[2012/05/25 12:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6BBF92EF-A51A-43A8-87D0-B6A30F854DB2}
[2012/05/25 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{517926A8-4E16-40B2-9087-213396ACFE15}
[2012/05/25 00:11:53 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{916E1D77-B819-4437-9E2D-2FA0BEE7BACA}
[2012/05/25 00:11:42 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{D58744F2-9BCD-49AF-B02E-B2076250EC60}
[2012/05/24 19:37:08 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\MapleStory
[2012/05/24 12:10:56 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{8E9F16AB-214E-4D7B-BA69-B5ED85E7E46A}
[2012/05/24 12:10:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{7A0C6C71-E7CC-489E-B0B6-12FF98E4BE15}
[2012/05/24 12:10:34 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A4D2BABD-130D-4C91-99FB-368C4C96B44D}
[2012/05/24 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{1F3A4A5E-4883-449C-BFD8-A21ECD293073}
[2012/05/23 12:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A22781F7-3F9B-4DDD-B909-B0F0F2F4667F}
[2012/05/23 00:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{41AF81D1-C665-413C-AB30-FC3E3A55C42D}
[2012/05/22 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Unity
[2012/05/22 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{DFAE591B-827A-4E9D-A640-6F60BE2776D5}
[2012/05/22 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0C0D609B-3186-4B12-ACF5-F9A1D783E6D9}
[2012/05/22 00:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E857EED4-9F70-4941-B875-D4728033BC70}
[2012/05/20 02:32:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E26020CC-4742-4756-9702-9C7D3E8CF760}
[2012/05/19 03:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{EF402122-C6B3-405D-85D2-E8E4BE98F231}
[2012/05/19 03:27:58 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{4880D5C7-9620-4EC6-9638-397FC4CBC18C}
[2012/05/17 21:44:17 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/16 15:26:09 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E7B60EC6-6133-4001-BD9D-F8FF7B7C771B}
[2012/05/16 01:18:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{55DBEE05-E53F-4BB2-B053-6E979E05DDAC}
[2012/05/14 23:40:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0E47E3C6-A301-46E8-8421-8682EB8DB688}
[2012/05/14 23:39:54 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{55F5B13D-B8FE-4D84-99D1-4BCAD7579D53}
[2012/05/14 13:59:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Documents\Diablo III
[2012/05/14 13:19:55 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{08869591-C6B0-4376-836C-B5DB8B272796}
[2012/05/14 12:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/14 12:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/14 12:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2012/05/14 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{61A830ED-5045-4206-A1C5-5CFC898ECFD7}
[2012/05/13 18:52:34 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5A8E2F91-CFB5-4ED2-9B9A-1F855B8103AE}
[2012/05/13 06:52:08 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{2A2BCC17-C12B-487E-B86C-977D753FF7C5}
[2012/05/12 18:51:27 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6E4A8C14-48F3-489C-A02B-86865D2459B2}
[2012/05/12 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{7C206B3B-08DC-45D2-9CE5-6DC8EF860AEA}
[2012/05/12 03:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/12 03:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/12 01:23:06 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{1E68DC1C-0F21-42E1-BC69-51E7D2C519FF}
[2012/05/11 23:08:46 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\KlLauncherST
[2012/05/11 23:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\koramgame
[2012/05/11 23:06:07 | 000,000,000 | ---D | C] -- C:\koramgame
[2012/05/11 22:53:23 | 1482,837,568 | ---- | C] (Macrovision Corporation) -- C:\Users\Jfarelas\Desktop\STOnline_US_20120502.exe
[2012/05/11 16:32:10 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/11 16:32:08 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 16:32:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 16:32:04 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/11 13:22:29 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{772415C6-57DC-45E7-9F05-C0E417E4FC2A}
[2012/05/11 13:22:07 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F10ADD36-9B8A-4B87-AE6C-95B3C18F153A}
[2012/05/10 12:58:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{05AA807E-1181-4927-B509-B1B2F3DF93C8}
[2012/05/10 12:57:53 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F6706E7F-5EDC-45D7-A161-C0F73AE1DE62}
[2012/05/10 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{7B97FE63-C0C1-4851-973A-3228D9EE6837}
[2012/05/10 00:57:06 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E758538D-98CE-43EC-A0B3-282BA2B4093C}
[2012/05/09 19:50:47 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5F54F0B7-7930-4E56-A7C7-D3C774BD6701}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/07 20:06:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 20:06:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 20:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/07 20:02:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
[2012/06/07 20:00:37 | 000,000,248 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2012/06/07 19:58:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/07 19:58:52 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 18:43:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000UA.job
[2012/06/07 18:41:51 | 100,013,892 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/07 09:43:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000Core.job
[2012/06/07 00:46:50 | 000,002,991 | ---- | M] () -- C:\Users\Jfarelas\Desktop\HiJackThis.lnk
[2012/06/05 19:05:59 | 000,001,274 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/06/05 19:05:58 | 000,001,247 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/06/05 19:05:58 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/06/05 15:01:19 | 012,674,048 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Maple Abroad.avi.approj
[2012/06/05 02:15:12 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Active Presenter.lnk
[2012/06/05 02:15:12 | 000,002,141 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\ActivePresenter.lnk
[2012/06/02 21:31:34 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/05/31 23:14:06 | 000,000,989 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/31 23:14:06 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/30 20:07:25 | 000,001,605 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/05/29 18:41:21 | 000,499,171 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/29 09:03:39 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/27 10:43:21 | 000,001,031 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Launcher - Shortcut.lnk
[2012/05/14 12:23:15 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/12 03:30:50 | 004,903,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/12 03:09:03 | 000,784,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/12 03:09:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/12 03:09:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/11 23:08:42 | 000,001,604 | ---- | M] () -- C:\Users\Public\Desktop\Spirit Tales.lnk
[2012/05/11 23:05:14 | 1482,837,568 | ---- | M] (Macrovision Corporation) -- C:\Users\Jfarelas\Desktop\STOnline_US_20120502.exe
[2012/05/10 15:26:32 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 00:46:50 | 000,002,991 | ---- | C] () -- C:\Users\Jfarelas\Desktop\HiJackThis.lnk
[2012/06/05 19:05:58 | 000,001,247 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/06/05 19:05:58 | 000,001,223 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/06/05 15:01:18 | 012,674,048 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Maple Abroad.avi.approj
[2012/06/05 02:15:12 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Active Presenter.lnk
[2012/06/05 02:15:12 | 000,002,141 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\ActivePresenter.lnk
[2012/06/02 21:30:15 | 003,756,544 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Paint.NET.3.5.10.Install.exe
[2012/05/31 23:14:06 | 000,000,989 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/31 23:14:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/30 20:07:25 | 000,001,605 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/05/27 10:43:21 | 000,001,031 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Launcher - Shortcut.lnk
[2012/05/14 12:22:52 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/11 23:08:42 | 000,001,604 | ---- | C] () -- C:\Users\Public\Desktop\Spirit Tales.lnk
[2012/03/28 19:41:01 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2012/03/28 19:27:45 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2012/03/28 18:57:58 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2012/03/17 17:28:36 | 000,086,394 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\terrain.png
[2012/03/17 17:28:36 | 000,011,771 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\particles.png
[2012/03/17 17:28:36 | 000,006,667 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\color.properties
[2012/03/17 17:28:36 | 000,004,733 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\pack.png
[2011/06/30 15:20:51 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/10 23:05:03 | 000,003,584 | ---- | C] () -- C:\Users\Jfarelas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 15:02:09 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtserv.dll
[2011/03/29 15:02:09 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtusb1.dll
[2011/03/29 15:02:09 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbthbn3.dll
[2011/03/29 15:02:09 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcomc.dll
[2011/03/29 15:02:09 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtpmui.dll
[2011/03/29 15:02:09 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtlmpm.dll
[2011/03/29 15:02:09 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcoms.exe
[2011/03/29 15:02:09 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcomm.dll
[2011/03/29 15:02:09 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtinpa.dll
[2011/03/29 15:02:09 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtiesc.dll
[2011/03/29 15:02:09 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtih.exe
[2011/03/29 15:02:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxbtcomx.dll
[2011/03/29 15:02:09 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcfg.exe
[2011/03/29 15:02:09 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxbtinst.dll
[2011/03/29 15:02:09 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtppls.exe
[2011/03/29 15:02:09 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtprox.dll
[2011/03/29 15:02:09 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtpplc.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/04 13:09:11 | 000,007,597 | ---- | C] () -- C:\Users\Jfarelas\AppData\Local\Resmon.ResmonCfg
[2010/11/26 14:22:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/19 18:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/16 01:50:53 | 000,001,032 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\wklnhst.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/20 23:15:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== LOP Check ==========

[2012/04/14 23:28:28 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\.minecraft
[2010/08/08 14:05:48 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\acccore
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\achievement
[2011/01/12 23:41:31 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Acreon
[2012/06/05 23:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\ActivePresenter
[2012/02/01 23:25:18 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\anim
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\armor
[2012/04/16 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Avant Downloader
[2012/04/19 02:11:03 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\AVG2012
[2012/04/17 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Babylon
[2012/06/07 20:00:37 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\BITS
[2012/06/05 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\BitTorrent
[2011/11/13 23:32:53 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\CoreFTP
[2012/01/29 21:37:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\environment
[2012/01/02 15:22:03 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\EurekaLog
[2012/06/02 13:44:50 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FileZilla
[2012/03/28 19:41:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashGet
[2012/03/28 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashGetBHO
[2012/03/28 18:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashgetSetup
[2012/02/10 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Foxit Software
[2012/02/01 18:41:04 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\gui
[2012/06/05 19:06:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\IObit
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\item
[2012/05/11 23:08:46 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\KlLauncherST
[2012/01/28 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\LolClient
[2012/02/24 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\misc
[2012/02/26 16:36:30 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\mob
[2011/03/24 22:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\NeopleLauncherDFO
[2010/08/09 14:35:27 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\OpenOffice.org
[2012/04/17 00:41:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Opera
[2011/06/30 15:01:45 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Publish Providers
[2011/06/04 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\RoboForm
[2012/01/07 22:21:27 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\S.A.D
[2010/09/21 07:49:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Sony
[2012/04/15 17:56:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\SystemRequirementsLab
[2011/03/01 10:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\TeamViewer
[2011/02/24 02:33:10 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Template
[2012/03/04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\terrain
[2012/05/22 19:28:51 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Unity
[2010/10/21 14:55:12 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Windows Live Writer
[2012/03/04 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\__MACOSX
[2012/06/07 09:43:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000Core.job
[2012/06/07 18:43:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000UA.job
[2011/08/16 20:10:56 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/04/09 22:29:07 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/04/09 22:29:07 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/04/09 22:29:12 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/08/17 14:44:19 | 000,004,608 | ---- | M] () MD5=9214399E2FDE9C7549C2D5FD0E24F808 -- C:\Users\Jfarelas\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v7AC6EAFE\Native\STUBEXE\@SYSTEM@\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/04/09 22:29:12 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/04/09 22:29:12 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/04/09 22:29:07 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/04/09 22:29:12 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/04/09 22:29:07 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/06 11:06:17 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/06 11:06:17 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/06 11:06:17 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/22 03:54:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/22 03:54:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/22 03:54:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/22 03:54:11 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/22 03:54:11 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/06/06 11:06:17 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/06/06 11:06:17 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/06/06 11:06:17 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/22 03:54:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/22 03:54:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/22 03:54:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/22 03:54:11 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/22 03:54:11 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE"

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500418AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro/HG USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15770583040
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: JFARELAS-PC
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                       DVD-ROM         0 B  No Media
Volume 1         RECOVERY     NTFS   Partition     14 GB  Healthy    System
Volume 2     C   OS           NTFS   Partition    451 GB  Healthy    Boot
Volume 3     E                       Removable       0 B  No Media
Volume 4     F                       Removable       0 B  No Media
Volume 5     G                       Removable       0 B  No Media
Volume 6     H                       Removable       0 B  No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

Extras

OTL Extras logfile created on: 6/7/2012 8:05:52 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Jfarelas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.59% Memory free
8.00 Gb Paging File | 5.90 Gb Available in Paging File | 73.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 327.53 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

Computer Name: JFARELAS-PC | User Name: Jfarelas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3195389507-3672305450-632222044-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exeirewallPolicy\DomainProfile\AuthorizedApplications\List -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe... -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exeirewallPolicy\StandardProfile\AuthorizedApplications\List -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exeon) -- (Nexon)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exeirewallPolicy\StandardProfile\AuthorizedApplications\List -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exeooster\wmp54gsv1_1.ex -- (Nexon)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CC85C2-6CD0-40B2-8654-66A1D39D9CCA}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface |
"{07899794-7EED-4D00-88D7-C3365851FDDE}" = lport=49174 | protocol=6 | dir=in | name=akamai netsession interface |
"{10AF31C9-F896-424B-907E-9C63E1C11E14}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{1F051DC2-1E73-455B-B3D6-D2B666D84710}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2099F0B6-D82D-4E85-A23A-AB43CDC2FD79}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{22E0E9C4-383E-4477-85FA-731168647282}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B6FF4A4-1E66-490B-AA18-FA946E6FD279}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E2DF4E1-3EB2-46F4-8F9C-3ACFBEFE9A3C}" = rport=138 | protocol=17 | dir=out | app=system |
"{3E4381D0-B25E-49AD-A1D1-A9759CD3E9F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{45F290E9-E139-4D65-8C6D-F358D4062EB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4707F696-9D1A-4594-B209-2FB1B2DA33EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{5BED9995-4ADA-488D-B73F-00D89498D62E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DFAB169-4E61-4D87-8C51-8C1005820ED3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63B35A54-8A0C-491D-B401-4556D53F2E9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{65C484EA-A1ED-45CA-9214-B859075448DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{77C2DDB4-A675-463A-9BE7-6082E1B8F36A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A2A8027-510A-44B0-B039-1F76666E8BB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{824D6052-41E6-4E95-998E-BB96C633A2B7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{8C817CCD-EBC8-413E-B764-DCE32A693DE8}" = lport=137 | protocol=17 | dir=in | app=system |
"{9629216D-51F4-4294-9628-3AD91B677F2C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9631BED5-5075-4887-B642-F4A84F45AE70}" = rport=137 | protocol=17 | dir=out | app=system |
"{992FEC1D-D30C-48CE-AFFA-27A348C3BB15}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C48F809-7D27-4150-AE0C-8C7AFFC0C115}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9FAD3BC6-AF00-4BD0-B17A-012166BE9F5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B867E582-4486-424C-9948-F4D516D8F940}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BA9E0FF7-9AE0-461C-9BCF-702306E38C09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C49AE74D-6198-40D2-B56E-F282ECA748CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{CA48DDD0-C8B3-4F85-8B5D-A791D43C53A9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CACD3C24-7DAC-4BE9-AC86-55C69CDB55C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{DA8C9CB6-23B1-4339-9170-AA3E9DBDEB49}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EC6899B0-259D-43EE-BD39-D332DA6B06F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6FAD489-445D-4287-A930-5E09E0FC95B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8C96A5A-76F2-4D98-B948-63D4AEAD5865}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004ED609-789A-4DEA-8064-309685390E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{0161DBCC-1C27-44A5-BEB9-EED553631E4A}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{03AFD180-9B23-4B58-91B5-B2232DCFD25B}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"{061666A5-198E-4469-8927-9504593EB5DA}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{095A42A5-9F1C-4820-A6C2-696523E7BC95}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{0DD2E44E-E109-4756-8548-36D81E4929F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0ED588A5-87E8-4232-8A46-C4D048CE7285}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F6069D8-F4D9-4F90-9CFA-8198CBEFA8E0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{0FC3DC70-33B2-4E20-AA98-B07D28750D2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{127750C0-E992-428E-9DC2-C58AB8109C74}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{13238962-0FF7-4467-BA51-E1325FF70466}" = dir=out | app=c:\program files (x86)\atomi\activepresenter\rlactivator.exe |
"{15DFA59E-E37D-4F7D-834A-6D581DC03DC8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{174F4DF2-5191-4947-BC3C-D3E8EA236B7D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{17B0DE64-F632-468E-B5D8-2B2B6776A30B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{1AC06190-E9C2-4B28-90D5-25E3D4898DAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D5E1830-AC4B-44A1-BC4E-724CC6E428F1}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{1D7C386B-E724-448E-9216-8E3DF079C440}" = protocol=6 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{1FCE9B51-3A50-4548-BAAD-D7B2F6BA69A8}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{202BE9F3-F67A-41DE-8382-1C74BC8421DD}" = protocol=6 | dir=out | app=system |
"{20C9A32C-9ECA-44C2-A0FA-68708F79AB3B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{21A82E6C-1B06-4DD1-A4AB-4BED7E8ADDF2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{259ED302-0571-40B1-83B5-3BB1DF25458C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{26FC3190-8745-43ED-8E20-CD336CD6D9B2}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{29D31539-9B6F-4B18-B5B5-416AA73BE5AF}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{2A30D4CB-4AFD-462D-AA9B-01978CEC3C97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2CA9CECA-40D9-4499-9FB5-E660300FCB46}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{2F4793EE-7804-4456-ABFB-321962D00705}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{2FEC3C97-9227-4932-92FF-A7E7016B9AD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3095D144-AD64-4AD9-981C-6781A49972E9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{317E7856-4893-4BF7-9218-88F95A96E2EF}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{33F7FA90-EA7E-435A-9212-7E77BB148F04}" = dir=in | app=c:\program files (x86)\atomi\activepresenter\activepresenter.exe |
"{34879F4B-06E3-4055-A6C0-BCA05B79A435}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{35BF176A-F1B1-404B-AC4C-923FFE404D2B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3858B888-0461-4B33-AC64-5CC354C6BCDD}" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"{38B30760-96DA-4257-97B8-C1C74EDBE183}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3BBFCD1E-9D69-493F-AAB4-BAB375993451}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3C712C44-51CE-41F2-9334-90451CB4056E}" = protocol=58 | dir=in | [email protected],-28545 |
"{40116B25-3702-4757-847D-AA1A5E1DDE70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43C26D30-A0EC-4C64-94CD-E82CC97D4552}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{46612180-1644-480C-AE74-541032C7E4D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46790BA4-83EE-4ACB-931F-61932EF1EA36}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{46F74CD6-003E-49B7-8A88-96813594847C}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{48530184-2314-4A56-BEA9-F43CD9E39F54}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{493AFB55-8439-4C6B-9912-F4E476571B6C}" = dir=out | app=c:\program files (x86)\atomi\activepresenter\activepresenter.exe |
"{4CC29450-8614-4667-AD11-3F9DD4A95806}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4CCA6F6B-2DF6-4CEB-84E3-D77D527D0EC6}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{4D5DAE63-6720-4A0C-A4F7-913D9A8B1991}" = protocol=6 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe |
"{52CF5925-7135-4CAB-8007-84AAB5610820}" = dir=in | app=c:\program files (x86)\atomi\activepresenter\rlupdater.exe |
"{530F4FB5-F2C8-4AC4-B310-68A541073C0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{580B4358-A04A-4065-9C3B-1F8CB312CEA8}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{587E77EA-A25E-48AF-A7D5-75C2755281B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A1353FE-D83D-478D-968E-9DA44BD7F41E}" = protocol=6 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{5E13248C-529E-4373-AD06-359394A381AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E523133-FD33-4295-B518-F5EB10507EB5}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{5F008423-AE6F-41A1-AEF0-099F1023FB93}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{5F878737-B4EE-4C0E-B1D3-5D5CB8495087}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{5FEEDFEE-ADC7-435F-8949-F5E21FC03466}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{614CC726-8E28-44C8-B1ED-C501012A9341}" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"{631804BB-94C4-442A-8E41-0DF57BA165ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbtcoms.exe |
"{655EA7D7-FCAF-49C5-8097-525A96D74434}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{65A2B097-D814-449A-AA3E-341C4B0D173B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{66A2D1B0-F67A-46DE-A1ED-83A974742018}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"{6DB999B4-379F-46CC-8F5C-2E0FBD542671}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7193CDDB-F817-490B-A926-5B5A8DB47BD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75637BA5-F84F-4022-ADED-7CD5A840E32B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7673CAD6-DF22-414F-BA35-B95CC0DDA1B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{80327A19-21C0-44F5-BD86-D4F25264F8D5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{80D417FD-77CA-4E54-9C8B-5C92A8B03FCB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{89FB2979-97DB-430A-833F-30D48660CE76}" = protocol=17 | dir=in | app=c:\users\jfarelas\downloads\cnet2_absetup_exe.exe |
"{8AB56F2C-AAFF-4E72-A316-3651A1782112}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{8AD17B07-B7F5-4C5D-956E-9CE29093A9A9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{8CBD2096-B706-44A3-8BA7-71BD4049E188}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8EFCDE00-C734-4780-9A9B-DB6B1F4FC29B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbtpswx.exe |
"{91163028-D674-49FB-8CB4-82A61C4CD8B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{922D7FBB-DBD1-4F72-9551-5810FD105435}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{927EF3BD-5E83-42E7-84BE-248CD545C5F7}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{96B45A3F-C646-4946-B6CC-6CEEAEC27033}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{989327A3-B799-499A-908E-F83D165BBD73}" = protocol=17 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe |
"{9B146818-B46F-416F-AD06-42D3AA8207FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbtcoms.exe |
"{9BD924F2-7868-44D3-8C6D-5817FF5BE6A2}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{9D0652D5-E128-434A-B514-794D64D4AA13}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{9D0BD93F-1899-438A-B319-C755AE7666D8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{9D1983DB-B9D8-48D0-B1C2-DC2E2741FA3A}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{9E36FEC4-E181-490D-A362-1FD6D30E6FC2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9E783FAA-B7DF-4576-BB84-BA15B7C09426}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9EBA5B4D-61ED-49A4-B062-076F9573E0BB}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{9F703D53-3007-4519-8852-438D50AFC06B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8C407D3-120F-4AE6-BE04-E810E04B0D17}" = protocol=17 | dir=in | app=c:\koramgame\stonline\_launcher.exe |
"{AEAB0C54-F756-49BB-AE16-724AFD9C2021}" = protocol=6 | dir=in | app=c:\koramgame\stonline\_launcher.exe |
"{AEBB4FB1-8F16-4A18-88DA-677C35A016D4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{B21EF2E0-DC4B-4C02-9B9C-A36F8CE17BDF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{B2C52A8D-1C78-4134-B0AB-5178395C4AF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5769528-80A7-4A1C-9947-D1C794AF5D14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B60F259C-8D4E-4D35-8B8E-3443C03BD202}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B6682ED5-1EBA-4BB1-B9CF-89B782D2F7F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{B81E213A-3E28-422D-893E-C4ECD743E1E1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbtpswx.exe |
"{B921C429-D90C-46F2-BEC8-8FC8FAC21B32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB9C3FDD-D8E4-49C7-A176-46A1C885815C}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{BC1F2192-D569-4B3D-BECF-C0B72771E069}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC4198CE-230F-4DA9-98F4-EFFF284CB98E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEA9B6E8-AF0C-41DC-8FCA-B43F26E7A60C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{CD1CBDC6-26BF-4A75-B41F-E2ACD798E42C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D244EC77-870A-4109-BB15-B78CBE551F61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2DF653A-6ED1-43C1-8EE9-FD7BBDAC6EBD}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D8A5956A-70EC-4DBC-B897-EFFB9BB4B831}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{D9EFCFFC-1A18-4958-BC98-B17B35F00DED}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{DCCE4BC8-C4D1-48B0-B7B2-C3CBF7550B6B}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{E1B84F09-15BC-45B3-A1ED-2A9B8BD286D8}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{E600F615-9F56-4EB2-A62A-9CDFA6D06A06}" = dir=out | app=c:\program files (x86)\atomi\activepresenter\rlupdater.exe |
"{E6E39E8F-BD2E-4A17-99BB-C857F1C89D55}" = protocol=6 | dir=in | app=c:\users\jfarelas\downloads\cnet2_absetup_exe.exe |
"{EA686009-C244-48B5-A0E5-A7B5D6BD7613}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{EB5C3C0E-7B5D-46B3-BE64-93EECCB3352B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F2ED6D43-4B70-4324-BC98-256ABA81B84D}" = protocol=17 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{F3C55EF1-6839-4363-99E8-D72B09EB3578}" = dir=in | app=c:\program files (x86)\atomi\activepresenter\rlactivator.exe |
"{F5CAA8C2-282B-43A9-BACA-8AF329B22004}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F9598150-681B-439C-A3EA-787E4A1E4FBD}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{F97262FD-9498-4367-9D06-74BB25906CF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD2CCB39-0CEE-457C-9D60-173D5B6C371C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{0EE3F128-8C08-46B3-B553-10A2D042C2E0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{136A82E6-2681-46F8-80E8-DEEA95568957}C:\users\jfarelas\desktop\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\jfarelas\desktop\diablo-iii-8370-enus-installer-downloader.exe |
"TCP Query User{2C34B04E-DF54-4D35-9B7B-241942AB97F8}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{5BFF77AD-63E1-4A50-90C8-2570DE7E572E}C:\users\jfarelas\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\jfarelas\downloads\diablo-iii-8370-enus-installer-downloader.exe |
"TCP Query User{61C371BF-5B7B-474E-A643-ECB46A06023B}C:\users\jfarelas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jfarelas\appdata\local\akamai\netsession_win.exe |
"TCP Query User{65D4EED0-6FCA-4792-A06C-F7817A02863F}C:\program files (x86)\sony\vegas pro 8.0\vegsrv80.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vegas pro 8.0\vegsrv80.exe |
"TCP Query User{6A91F576-090D-4B03-915E-0B08A9C75811}C:\users\jfarelas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jfarelas\appdata\local\akamai\netsession_win.exe |
"TCP Query User{87F5D426-5CDC-4926-A945-6592E920F9D4}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{8B48790F-6BC7-4EE9-A98D-199DCB24FDCE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{9999B5D1-CF1A-4388-BE61-10FEF9D41915}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{A1853644-EBA3-4A0B-8FE1-AF3302CDD0D5}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"TCP Query User{BF522122-6C1E-4367-9319-A65B409C9B70}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{C3BF14ED-1889-479F-97BF-292F07EC3B6A}C:\users\jfarelas\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\jfarelas\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{D216843F-0BC0-4D33-BE0A-1157770047ED}C:\users\jfarelas\appdata\local\opera\opera\temporary_downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\jfarelas\appdata\local\opera\opera\temporary_downloads\diablo-iii-8370-enus-installer-downloader.exe |
"TCP Query User{D40B977D-F12C-4AE5-A8B8-DAD100A2FF56}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{D82E81C3-C419-4925-9B2E-86C81FCAFB15}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{DEDF27E2-D1F7-4E28-ABC3-FD41D39FF1DC}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{F58F7D75-EA16-40C5-B125-95C219AA806F}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{17BCB1D0-35E2-4463-B95D-2198BB7CD432}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{17F5ED6D-73BA-45F1-B802-E5C291F6B701}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"UDP Query User{1DACAF3E-A831-4CCF-A2AE-F30BF97DD89D}C:\users\jfarelas\appdata\local\opera\opera\temporary_downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\jfarelas\appdata\local\opera\opera\temporary_downloads\diablo-iii-8370-enus-installer-downloader.exe |
"UDP Query User{346F406C-10E8-4735-9F8B-567F18BDDE38}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{67EE293C-1FB3-497B-A5FF-55F0E77FC71F}C:\users\jfarelas\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\jfarelas\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{6E993272-0BAD-40D3-AC7E-9FADFD7A496A}C:\users\jfarelas\desktop\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\jfarelas\desktop\diablo-iii-8370-enus-installer-downloader.exe |
"UDP Query User{79654DB7-FC15-44EB-A77A-867258937A7E}C:\users\jfarelas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jfarelas\appdata\local\akamai\netsession_win.exe |
"UDP Query User{7C006545-3D68-4C4B-9657-A35FA083DFBF}C:\users\jfarelas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jfarelas\appdata\local\akamai\netsession_win.exe |
"UDP Query User{811E9AB5-A766-44A9-A406-DEDFCD712E4C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{81AC5B7F-7B5B-4CCB-ADC6-BBD4E25287C4}C:\users\jfarelas\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\jfarelas\downloads\diablo-iii-8370-enus-installer-downloader.exe |
"UDP Query User{8E2348A5-4013-4696-8F19-66B5DCEE03A7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{9AC7584B-1334-42A7-8834-6E2C2AFFB1A7}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{9FFE1716-F85F-489E-AA52-540B3961E507}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{A796BB01-094F-428C-B268-DC7680F19FE0}C:\program files (x86)\sony\vegas pro 8.0\vegsrv80.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vegas pro 8.0\vegsrv80.exe |
"UDP Query User{B31044D9-2944-4B6C-98CA-4A6DFED3CADF}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{CFC996A7-5B45-4D0F-9DE7-A749982FE843}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{EA4F6217-47E8-4DF6-91A5-9414E86548B5}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{FAD9BCFF-6F25-426B-8466-8E4BAE8D12A8}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{80E38EF5-6496-6F66-CF36-C6AE11E45DFA}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark 5200 Series" = Lexmark 5200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14FE48DA-E172-4CC5-B397-92ECA4B0E088}" = STOnline
"{17A059C7-6946-1327-A839-2E5DBCCCCF7F}" = Catalyst Control Center Localization All
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{415ADF7E-6DB8-4481-86C0-1CEC0163CC7B}" = Nexon Game Manager
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1" = ActivePresenter
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD5B5B9F-2C68-0B50-3FBB-053FF9DA0441}" = CCC Help English
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
"{C31C8291-F1A6-5B8E-0235-349B08B1F4E8}" = Catalyst Control Center Graphics Previews Vista
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFD5EA43-33C7-B45A-0C22-5BDCFF27342B}" = ccc-core-static
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C7D031-9878-C7B9-36E0-0C097F51632D}" = Catalyst Control Center Graphics Previews Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F27BAAE4-7559-1836-67D7-70E27486C9E2}" = HydraVision
"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"AhnLab Online Security" = AhnLab Online Security
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Combat Arms" = Combat Arms
"Dell Dock" = Dell Dock
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FlashGet3.7" = FlashGet3.7
"Foxit Reader_is1" = Foxit Reader 5.1
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster
"GoToAssist" = GoToAssist 8.0.0.514
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Maple" = MapleStory
"MapleStory" = MapleStory
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Smart Defrag 2_is1" = Smart Defrag 2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soulseek2" = SoulSeek 157 NS 13c
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3195389507-3672305450-632222044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"JoinMe" = join.me
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2012 7:04:32 PM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.1, time
stamp: 0x4f97994e Faulting module name: MapleStory.exe, version: 1.0.0.1, time stamp:
0x4f97994e Exception code: 0xc0000005 Fault offset: 0x007f7b16 Faulting process id:
0x1bf0 Faulting application start time: 0x01cd2d6eaffd3b9e Faulting application path:
C:\Nexon\MapleStory\MapleStory.exe Faulting module path: C:\Nexon\MapleStory\MapleStory.exe
Report
Id: 2bdc87dd-9962-11e1-9592-00256486d2f3

Error - 5/8/2012 8:02:16 PM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.1, time
stamp: 0x4f97994e Faulting module name: MapleStory.exe, version: 1.0.0.1, time stamp:
0x4f97994e Exception code: 0xc0000005 Fault offset: 0x007f7b16 Faulting process id:
0xa94 Faulting application start time: 0x01cd2d6f52b62043 Faulting application path:
C:\Nexon\MapleStory\MapleStory.exe Faulting module path: C:\Nexon\MapleStory\MapleStory.exe
Report
Id: 3c3e72e6-996a-11e1-9592-00256486d2f3

Error - 5/8/2012 8:07:23 PM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.1, time
stamp: 0x4f97994e Faulting module name: MapleStory.exe, version: 1.0.0.1, time stamp:
0x4f97994e Exception code: 0xc0000005 Fault offset: 0x007f7b16 Faulting process id:
0x1410 Faulting application start time: 0x01cd2d7732140630 Faulting application path:
C:\Nexon\MapleStory\MapleStory.exe Faulting module path: C:\Nexon\MapleStory\MapleStory.exe
Report
Id: f33c15b4-996a-11e1-9592-00256486d2f3

Error - 5/8/2012 8:09:34 PM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.1, time
stamp: 0x4f97994e Faulting module name: MapleStory.exe, version: 1.0.0.1, time stamp:
0x4f97994e Exception code: 0xc0000005 Fault offset: 0x007f7b16 Faulting process id:
0x1ac4 Faulting application start time: 0x01cd2d77cec16f5c Faulting application path:
C:\Nexon\MapleStory\MapleStory.exe Faulting module path: C:\Nexon\MapleStory\MapleStory.exe
Report
Id: 417ad520-996b-11e1-9592-00256486d2f3

Error - 5/9/2012 11:26:34 PM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: dragonsaga.exe, version: 0.11.32.0, time
stamp: 0x4fa0da4d Faulting module name: dragonsaga.exe, version: 0.11.32.0, time
stamp: 0x4fa0da4d Exception code: 0xc0000005 Fault offset: 0x00a8c5c7 Faulting process
id: 0xcc0 Faulting application start time: 0x01cd2e53de57fbe4 Faulting application
path: C:\Program Files (x86)\Gravity\DragonSaga\Release\dragonsaga.exe Faulting
module path: C:\Program Files (x86)\Gravity\DragonSaga\Release\dragonsaga.exe Report
Id: f12fd67b-9a4f-11e1-9592-00256486d2f3

Error - 5/10/2012 10:37:15 PM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.1, time
stamp: 0x4fa8b5ad Faulting module name: MapleStory.exe, version: 1.0.0.1, time stamp:
0x4fa8b5ad Exception code: 0xc0000005 Fault offset: 0x00803536 Faulting process id:
0x1b60 Faulting application start time: 0x01cd2effedce9e80 Faulting application path:
C:\Nexon\MapleStory\MapleStory.exe Faulting module path: C:\Nexon\MapleStory\MapleStory.exe
Report
Id: 37fb297c-9b12-11e1-9592-00256486d2f3

Error - 5/11/2012 1:58:58 PM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.1, time
stamp: 0x4fa8b5ad Faulting module name: MapleStory.exe, version: 1.0.0.1, time stamp:
0x4fa8b5ad Exception code: 0xc0000005 Fault offset: 0x00803536 Faulting process id:
0x1b68 Faulting application start time: 0x01cd2f8863178ab9 Faulting application path:
C:\Nexon\MapleStory\MapleStory.exe Faulting module path: C:\Nexon\MapleStory\MapleStory.exe
Report
Id: faf8c7ab-9b92-11e1-9592-00256486d2f3

Error - 5/12/2012 1:14:24 AM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: _Launcher.exe, version: 1.1.1.1, time stamp:
0x4faa2aa5 Faulting module name: _Launcher.exe, version: 1.1.1.1, time stamp: 0x4faa2aa5
Exception
code: 0xc0000005 Fault offset: 0x004841a6 Faulting process id: 0x1394 Faulting application
start time: 0x01cd2ff5e8f5414d Faulting application path: C:\koramgame\STOnline\_Launcher.exe
Faulting
module path: C:\koramgame\STOnline\_Launcher.exe Report Id: 566dc571-9bf1-11e1-9592-00256486d2f3

Error - 5/12/2012 9:39:45 PM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: _Launcher.exe, version: 1.1.1.1, time stamp:
0x4faa2aa5 Faulting module name: _Launcher.exe, version: 1.1.1.1, time stamp: 0x4faa2aa5
Exception
code: 0xc0000005 Fault offset: 0x004841a6 Faulting process id: 0x1b64 Faulting application
start time: 0x01cd309a5f4d103d Faulting application path: C:\koramgame\STOnline\_Launcher.exe
Faulting
module path: C:\koramgame\STOnline\_Launcher.exe Report Id: 843b39ef-9c9c-11e1-967c-00256486d2f3

Error - 5/13/2012 12:32:13 AM | Computer Name = Jfarelas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.1, time
stamp: 0x4fa8b5ad Faulting module name: MapleStory.exe, version: 1.0.0.1, time stamp:
0x4fa8b5ad Exception code: 0xc0000005 Fault offset: 0x004599ff Faulting process id:
0x1134 Faulting application start time: 0x01cd30c1054a7aee Faulting application path:
C:\Nexon\MapleStory\MapleStory.exe Faulting module path: C:\Nexon\MapleStory\MapleStory.exe
Report
Id: 9c161c08-9cb4-11e1-967c-00256486d2f3

[ Dell Events ]
Error - 10/2/2010 3:34:34 AM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/2/2010 3:34:34 AM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/3/2010 6:47:18 PM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/3/2010 6:47:18 PM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/17/2011 11:06:05 AM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/17/2011 11:06:05 AM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/24/2011 11:16:24 AM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/24/2011 11:16:24 AM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/3/2011 11:23:15 AM | Computer Name = Jfarelas-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 5/30/2012 1:07:15 PM | Computer Name = Jfarelas-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%32

Error - 5/30/2012 1:07:44 PM | Computer Name = Jfarelas-PC | Source = DCOM | ID = 10010
Description =

Error - 5/30/2012 1:07:44 PM | Computer Name = Jfarelas-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%32

Error - 5/30/2012 1:08:15 PM | Computer Name = Jfarelas-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%32

Error - 5/30/2012 1:08:47 PM | Computer Name = Jfarelas-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%32

Error - 6/2/2012 2:42:52 PM | Computer Name = Jfarelas-PC | Source = Service Control Manager | ID = 7030
Description = The FileZilla Server FTP server service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 6/5/2012 8:05:38 PM | Computer Name = Jfarelas-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/7/2012 8:58:07 PM | Computer Name = Jfarelas-PC | Source = DCOM | ID = 10010
Description =

Error - 6/7/2012 8:59:41 PM | Computer Name = Jfarelas-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 6/7/2012 9:00:11 PM | Computer Name = Jfarelas-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 20:18:07
-----------------------------
20:18:07.501 OS Version: Windows x64 6.1.7601 Service Pack 1
20:18:07.501 Number of processors: 2 586 0x170A
20:18:07.502 ComputerName: JFARELAS-PC UserName: Jfarelas
20:18:09.836 Initialize success
20:19:14.279 AVAST engine defs: 12060701
20:21:00.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:21:00.564 Disk 0 Vendor: ST350041 CC45 Size: 476940MB BusType: 3
20:21:00.577 Disk 0 MBR read successfully
20:21:00.581 Disk 0 MBR scan
20:21:00.587 Disk 0 Windows VISTA default MBR code
20:21:00.589 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:21:00.602 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
20:21:00.614 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
20:21:00.633 Disk 0 scanning C:\Windows\system32\drivers
20:21:10.180 Service scanning
20:21:29.924 Modules scanning
20:21:29.937 Disk 0 trace - called modules:
20:21:29.970 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:21:29.975 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048fa060]
20:21:29.979 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80043bf050]
20:21:35.761 AVAST engine scan C:\Windows
20:21:37.925 AVAST engine scan C:\Windows\system32
20:24:34.697 AVAST engine scan C:\Windows\system32\drivers
20:24:47.043 AVAST engine scan C:\Users\Jfarelas
20:37:54.908 File: C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\lptlf.dll **INFECTED** Win32:Adware-gen [Adw]
20:40:43.408 AVAST engine scan C:\ProgramData
20:45:21.682 Scan finished successfully
20:46:14.603 Disk 0 MBR has been saved successfully to "C:\Users\Jfarelas\Desktop\MBR.dat"
20:46:14.607 The log file has been saved successfully to "C:\Users\Jfarelas\Desktop\aswMBR.txt"


  • 0

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi trips487,

The good news is I don't see anything major on the system. Let's clean up what the logs show and see where we are.

Also, you don't need to attach the logs to the post. A copy and paste of the log(s) is all I need. If I need anything attached I will let you know.


You have the following Peer-to-Peer program(s) installed:

BitTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.

While you are at it I would recommend that you uninstall Iobit Advanced System Care 5 and IObit Malware Fighter.
These products and all the IOBIT products consume resources unnecessarily and often try to get you to buy the paid version to fix any real issue.
We have alternates that we will use and recommend that do not do that.

I would also recommend that you uninstall Eusing Free Registry Cleaner

GeeksToGo does not recommend the use of registry cleaners at all:
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.


Step-1.

Optional Removals


1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

BitTorrent
Iobit Advanced System Care 5
IObit Malware Fighter
Eusing Free Registry Cleaner


3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files (x86)\BitTorrent
C:\Program Files (x86)\IObit


2. Close Windows Explorer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff19829ea8
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:9050
[2012/04/17 20:38:45 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3195389507-3672305450-632222044-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.

:FILES
ipconfig /flushdns /c
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\lptlf.dll

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.



We need to have a file scanned:

Step-3.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • In the File name box, type, or copy and paste the following and click Open: NOTE.. Only one file per scan

    C:\koramgame\STOnline\avital\wyqku64.sys.
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button and wait for the reply.
  • Copy and paste the Virustotal link(s) (URL) in your next reply.


Step-4.

TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-5.

Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt log
3. The results from the Virustotal upload
4. The TDSSKiller log
5. Tell me how the computer is running now.
  • 0
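
The fix script in the post above targets three kinds of OTL log entries: SearchScopes URLs, a ProxyServer value pointing at the local machine, and BHO/toolbar registrations reported as "No CLSID value found". The triage sketch below is an added example, not part of the original post and not OTL's own code; the sample lines, GUIDs, SIDs, host names and the trusted-host list are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines, laid out like the OTL entries quoted in the post above.
SAMPLE_LOG = "\n".join([
    r'IE - HKLM\..\SearchScopes\{11111111-1111-1111-1111-111111111111}: "URL" = http://search.example.invalid/?q={searchTerms}',
    r'IE - HKU\S-1-5-21-1-2-3-1000\..\SearchScopes\{22222222-2222-2222-2222-222222222222}: "URL" = http://www.bing.com/search?q={searchTerms}',
    r'IE - HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:9050',
    r'IE - HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.example.invalid:8080;https=localhost:8888',
    r'O2:64bit: - BHO: (no name) - {33333333-3333-3333-3333-333333333333} - No CLSID value found.',
    r'O2 - BHO: (Example Helper) - {44444444-4444-4444-4444-444444444444} - C:\Program Files\Example\helper.dll (Example Corp)',
    r'O3 - HKLM\..\Toolbar: (no name) - {55555555-5555-5555-5555-555555555555} - No CLSID value found.',
])

# Assumption: search providers this machine's owner actually expects to see.
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

# 'IE - <registry key>: "<value name>" = <data>'
IE_VALUE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
# 'O2 - BHO: (<label>) - {CLSID} - <target>' and the O3 toolbar equivalent,
# with the optional ':64bit:' marker seen in the log.
O_ENTRY = re.compile(
    r'^(?P<tag>O[23])(?::64bit:)? - (?P<where>.+?): \((?P<label>[^)]*)\)'
    r' - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$'
)


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Handles both 'host:port' (one proxy for every protocol) and the
    per-protocol form 'http=h:p;https=h:p;socks=h:p'.
    """
    entries = []
    for part in value.strip().split(";"):
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        hostport = hostport.split("://", 1)[-1]
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = hostport, ""
        entries.append((scheme.lower(), host.strip("[]").lower(), port))
    return entries


def is_loopback(host):
    """True when the proxy host is this machine itself."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False


def triage(log_text, trusted_search_hosts=TRUSTED_SEARCH_HOSTS):
    """Return (line number, kind, detail) for entries worth a manual look."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        m = IE_VALUE.match(line)
        if m:
            if m["name"] == "URL" and "\\SearchScopes\\" in m["key"]:
                host = (urlsplit(m["value"]).hostname or "").lower()
                if host not in trusted_search_hosts:
                    findings.append((lineno, "search-scope", host))
            elif m["name"] == "ProxyServer":
                # A loopback proxy sends browser traffic through a local process.
                for scheme, host, port in parse_proxy_server(m["value"]):
                    if is_loopback(host):
                        findings.append(
                            (lineno, "loopback-proxy", f"{scheme}://{host}:{port}")
                        )
            continue
        m = O_ENTRY.match(line)
        # The registration points at a class that is no longer installed.
        if m and m["target"].startswith("No CLSID value found"):
            findings.append((lineno, "orphaned-" + m["tag"], m["clsid"]))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in triage(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {detail}")
```

A finding is a prompt to check the entry against what is installed on that machine, not a verdict; a loopback proxy or an unfamiliar search provider can belong to software the owner set up deliberately.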

#5
trips487

    Member

  • Topic Starter
  • 186 posts
Just a quick notice. I've been busy all weekend and was at the dentist today. However, I will get my part done for this sometime tomorrow. Thank you for the help.
  • 0

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
:thumbsup:
  • 0

#7
trips487

    Member

  • Topic Starter
  • 186 posts
System seems fine now and I haven't received any emails about someone trying to get into my hotmail account anymore. So I think things are fixed now but unsure.




OTL Fixes:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\[email protected] folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3195389507-3672305450-632222044-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jfarelas\Desktop\cmd.bat deleted successfully.
C:\Users\Jfarelas\Desktop\cmd.txt deleted successfully.
C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\lptlf.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jfarelas
->Temp folder emptied: 203309353 bytes
->Temporary Internet Files folder emptied: 82051095 bytes
->Java cache emptied: 36849620 bytes
->FireFox cache emptied: 1124070815 bytes
->Google Chrome cache emptied: 376477607 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 34866 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32594653 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,770.00 mb


OTL by OldTimer - Version 3.2.47.0 log created on 06122012_224615

Files\Folders moved on Reboot...
C:\Users\Jfarelas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


OTL log


OTL logfile created on: 6/12/2012 10:54:08 PM - Run 2
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Jfarelas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.77% Memory free
8.00 Gb Paging File | 6.19 Gb Available in Paging File | 77.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 326.73 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive X: | 14.65 Gb Total Space | 9.03 Gb Free Space | 61.61% Space Free | Partition Type: NTFS

Computer Name: JFARELAS-PC | User Name: Jfarelas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 22:51:39 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
PRC - [2012/06/12 15:59:40 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/12 15:59:39 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/06/07 20:02:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
PRC - [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jfarelas\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/05/03 03:50:24 | 000,230,320 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/12 22:51:39 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
MOD - [2012/06/12 15:59:40 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/12 15:59:39 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/06 11:06:17 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 04:13:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 03:55:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 03:37:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:36:59 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll
MOD - [2012/05/12 03:36:40 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/12 03:36:24 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 03:36:18 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 03:36:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/12 03:36:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:35:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:35:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:35:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:35:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/09 13:38:27 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 16:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 16:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2005/09/20 08:40:20 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5200 Series\lxbtdrec.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/12 22:53:36 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/05/03 03:49:48 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbtcoms.exe -- (lxbt_device)
SRV - [2012/06/12 22:39:49 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/12 15:59:40 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/06 11:06:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/22 22:35:24 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/06/07 09:08:00 | 004,825,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/09 19:57:08 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/09 19:46:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/28 21:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/28 00:12:00 | 000,182,872 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2011/09/28 00:12:00 | 000,107,096 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2011/09/28 00:12:00 | 000,097,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2BthF.sys -- (Mkd2Bthf)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 07:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/05/11 23:24:58 | 000,050,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\koramgame\STOnline\avital\wyqku64.sys -- (uqk)
DRV - [2012/04/15 17:58:18 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/30 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E63A738-CFC5-44B1-8187-CED0C8ABFC4D}
IE:64bit: - HKLM\..\SearchScopes\{0E63A738-CFC5-44B1-8187-CED0C8ABFC4D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{E9C1531F-6396-405E-91A3-C7E6260BBC9E}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...DT3&ocid=bdtdhp
IE - HKCU\..\SearchScopes,DefaultScope = {2FD59BD9-496D-43F8-9121-9E4CEEE174BB}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKCU\..\SearchScopes\{2FD59BD9-496D-43F8-9121-9E4CEEE174BB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8EA94DB3-7D8A-42FF-BFF7-5005AE386A83}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-04-19 02:11:51&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B93A2DEA-4568-406F-83EF-5FFC71D8FACD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll File not found
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jfarelas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Jfarelas\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\OpinionSquare
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/23 01:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 09:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/12 15:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/07 19:37:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 08:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 11:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 22:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 11:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 22:42:53 | 000,000,000 | ---D | M]

[2011/02/19 02:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions
[2011/02/19 02:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/17 20:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions
[2012/03/25 12:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\staged
[2012/06/12 22:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\sgjxpb9b.default\extensions
[2012/06/12 22:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/31 15:23:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/12 22:42:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/06 11:06:18 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/12 15:59:39 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
CHR - plugin: AhnLab Online Security Anti-keylogger (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npNxGame.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jfarelas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Jfarelas\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jfarelas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AOL Lifestream = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnabicdoplelkdcpdiodoodgdebaolcn\1.0.0.5_0\
CHR - Extension: AdBlock = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.30_0\
CHR - Extension: AVG Safe Search = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Poppit = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/04/19 01:37:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jfarelas\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXBTCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXBTtime.DLL ()
O4:64bit: - HKLM..\Run: [lxbtmon.exe] c:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jfarelas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jfarelas\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://platform.nex...nlab/aosmgr.cab (Aosmgr Control)
O16 - DPF: {0D8004AA-A1CB-4F92-BBEB-0A824B1EE2A2} http://ws.nopp.co.kr.../HGLauncher.cab (HGLauncher Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://d1ylr6sba64qi...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54DAE659-3733-41D7-A1AB-9628E6A64F76}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1E5918D-296B-48BD-92FD-B4B9653DB506}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 22:55:59 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jfarelas\Desktop\tdsskiller.exe
[2012/06/12 22:52:57 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/12 22:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/12 22:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2012/06/12 22:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/12 22:46:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/12 22:42:05 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\Macromedia
[2012/06/12 21:09:37 | 2187,711,060 | ---- | C] (Nexon) -- C:\Users\Jfarelas\Desktop\DragonNestSetupV87.exe
[2012/06/12 13:49:58 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{879B375B-76D2-4BCF-A750-2C6362AAC1AA}
[2012/06/12 13:49:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F38075C4-755B-4945-9FE2-C4B959CB06EB}
[2012/06/12 01:49:10 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{CDE01672-AB16-404D-94F9-BABA9B029B16}
[2012/06/11 13:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{B22A30F3-97BC-4020-82C2-BCA87B75FD44}
[2012/06/11 01:47:58 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{97A1847C-17A8-447E-B805-49AAE721E75E}
[2012/06/10 13:47:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{54A231D3-1833-49FB-AEAE-2E9FAE0A6E09}
[2012/06/10 13:13:03 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\jagexcache1
[2012/06/10 02:01:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\jagexcache
[2012/06/10 01:46:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{AE08D22F-4B06-449A-99D0-F559C0C172B9}
[2012/06/09 13:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{EC4ACC1C-EAC4-44C0-9A8F-020B0503D52C}
[2012/06/09 01:45:35 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A3912A14-D8D5-40E1-A614-AB4AC2E1AEB3}
[2012/06/08 13:45:00 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{1BEE29DC-3BD3-4095-98EB-B6446EE8391E}
[2012/06/08 13:44:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{4BC779EF-3C33-4906-8EBF-06D9C9A7AD37}
[2012/06/07 20:17:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jfarelas\Desktop\aswMBR.exe
[2012/06/07 20:02:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
[2012/06/07 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{31BCD908-4BE3-4D8B-9663-2DD32C4B5496}
[2012/06/07 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{395A9878-6821-428C-916C-4D7CF585B8A5}
[2012/06/07 00:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/07 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/06 14:39:03 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{71D820C1-925E-47E7-8F50-39E8B671D688}
[2012/06/06 02:38:26 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{092610F6-1F2B-459D-A766-4979F5B0346F}
[2012/06/05 14:37:50 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6AF2E6FF-FF4F-4403-BFB5-7D3FC8014B53}
[2012/06/05 02:37:14 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{BEB2DB6B-FEA3-4E71-B5E7-3A6C35D735BC}
[2012/06/05 02:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePresenter
[2012/06/05 02:18:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Documents\ActivePresenter
[2012/06/05 02:15:24 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\ActivePresenter
[2012/06/05 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
[2012/06/05 02:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATOMI
[2012/06/04 14:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F8792848-E99F-4198-8156-911F26117FD9}
[2012/06/04 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{8CF08B7E-3901-4ABA-B079-8770256A4543}
[2012/06/01 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{52190482-4EF8-493E-B2EE-3BDF7B852BD9}
[2012/06/01 11:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{189A5844-CF7C-4BBD-953D-E35B7E4EDBC6}
[2012/05/31 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6B954DF5-6F6D-4993-A986-C45AB1F2D045}
[2012/05/31 11:35:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A66EC326-F778-4578-9CA3-0C497D705D8B}
[2012/05/30 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{C23CED9B-2698-4B95-8AC8-256A9CD74101}
[2012/05/30 23:34:14 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5EEECD08-319C-4094-B2A4-AD504B8648EF}
[2012/05/30 11:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{DEB1D29D-DC38-496B-9312-29371698663B}
[2012/05/29 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{99E81964-443D-40F0-B92F-802651B00559}
[2012/05/29 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E0E878E0-4D68-422D-85E9-73251292B42A}
[2012/05/29 09:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/28 23:32:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{2C35C83E-9D37-471C-8F37-952C9F9A95A0}
[2012/05/28 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F5499DB7-E977-42D3-A99F-B3E29658B35D}
[2012/05/28 11:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0B34E010-9EB1-414D-A79D-EC280DC9E40F}
[2012/05/27 10:42:02 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\GMSMultipleMaplesV1.10c
[2012/05/27 00:14:28 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5CE92C9D-E30F-4A2F-B34A-46B9C89B9512}
[2012/05/26 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{36735765-409E-4864-AEA6-0C15B0861980}
[2012/05/26 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{058E7D71-AB2C-4E03-AC3C-D489FC11ACF6}
[2012/05/25 12:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6BBF92EF-A51A-43A8-87D0-B6A30F854DB2}
[2012/05/25 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{517926A8-4E16-40B2-9087-213396ACFE15}
[2012/05/25 00:11:53 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{916E1D77-B819-4437-9E2D-2FA0BEE7BACA}
[2012/05/25 00:11:42 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{D58744F2-9BCD-49AF-B02E-B2076250EC60}
[2012/05/24 19:37:08 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\MapleStory
[2012/05/24 12:10:56 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{8E9F16AB-214E-4D7B-BA69-B5ED85E7E46A}
[2012/05/24 12:10:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{7A0C6C71-E7CC-489E-B0B6-12FF98E4BE15}
[2012/05/24 12:10:34 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A4D2BABD-130D-4C91-99FB-368C4C96B44D}
[2012/05/24 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{1F3A4A5E-4883-449C-BFD8-A21ECD293073}
[2012/05/23 12:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A22781F7-3F9B-4DDD-B909-B0F0F2F4667F}
[2012/05/23 00:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{41AF81D1-C665-413C-AB30-FC3E3A55C42D}
[2012/05/22 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Unity
[2012/05/22 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{DFAE591B-827A-4E9D-A640-6F60BE2776D5}
[2012/05/22 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0C0D609B-3186-4B12-ACF5-F9A1D783E6D9}
[2012/05/22 00:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E857EED4-9F70-4941-B875-D4728033BC70}
[2012/05/20 02:32:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E26020CC-4742-4756-9702-9C7D3E8CF760}
[2012/05/19 03:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{EF402122-C6B3-405D-85D2-E8E4BE98F231}
[2012/05/19 03:27:58 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{4880D5C7-9620-4EC6-9638-397FC4CBC18C}
[2012/05/17 21:44:17 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/16 15:26:09 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E7B60EC6-6133-4001-BD9D-F8FF7B7C771B}
[2012/05/16 01:18:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{55DBEE05-E53F-4BB2-B053-6E979E05DDAC}
[2012/05/14 23:40:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0E47E3C6-A301-46E8-8421-8682EB8DB688}
[2012/05/14 23:39:54 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{55F5B13D-B8FE-4D84-99D1-4BCAD7579D53}
[2012/05/14 13:59:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Documents\Diablo III
[2012/05/14 13:19:55 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{08869591-C6B0-4376-836C-B5DB8B272796}
[2012/05/14 12:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/14 12:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/14 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{61A830ED-5045-4206-A1C5-5CFC898ECFD7}

========== Files - Modified Within 30 Days ==========

[2012/06/12 22:58:34 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 22:58:34 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 22:56:02 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jfarelas\Desktop\tdsskiller.exe
[2012/06/12 22:52:52 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/12 22:52:24 | 000,000,248 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2012/06/12 22:51:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/12 22:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 22:50:56 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 21:43:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000UA.job
[2012/06/12 21:33:58 | 2187,711,060 | ---- | M] (Nexon) -- C:\Users\Jfarelas\Desktop\DragonNestSetupV87.exe
[2012/06/12 21:08:38 | 001,951,344 | ---- | M] () -- C:\Users\Jfarelas\Desktop\DragonNestDownloaderV87.exe
[2012/06/12 17:25:39 | 100,275,833 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/12 09:43:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000Core.job
[2012/06/12 00:11:40 | 000,000,047 | ---- | M] () -- C:\Users\Jfarelas\jagex_cl_runescape_LIVE.dat
[2012/06/10 13:14:43 | 000,000,048 | ---- | M] () -- C:\Users\Jfarelas\jagex_cl_runescape_LIVE1.dat
[2012/06/09 17:25:04 | 000,500,050 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/07 20:46:14 | 000,000,512 | ---- | M] () -- C:\Users\Jfarelas\Desktop\MBR.dat
[2012/06/07 20:17:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jfarelas\Desktop\aswMBR.exe
[2012/06/07 20:02:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
[2012/06/07 00:46:50 | 000,002,991 | ---- | M] () -- C:\Users\Jfarelas\Desktop\HiJackThis.lnk
[2012/06/05 15:01:19 | 012,674,048 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Maple Abroad.avi.approj
[2012/06/05 02:15:12 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Active Presenter.lnk
[2012/06/05 02:15:12 | 000,002,141 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\ActivePresenter.lnk
[2012/06/02 21:31:34 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/05/31 23:14:06 | 000,000,989 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/30 20:07:25 | 000,001,605 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/05/29 09:03:39 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/27 10:43:21 | 000,001,031 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Launcher - Shortcut.lnk
[2012/05/14 12:23:15 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk

========== Files Created - No Company Name ==========

[2012/06/12 22:52:52 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/12 22:51:24 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2012/06/12 21:08:36 | 001,951,344 | ---- | C] () -- C:\Users\Jfarelas\Desktop\DragonNestDownloaderV87.exe
[2012/06/10 13:13:03 | 000,000,048 | ---- | C] () -- C:\Users\Jfarelas\jagex_cl_runescape_LIVE1.dat
[2012/06/10 02:01:41 | 000,000,047 | ---- | C] () -- C:\Users\Jfarelas\jagex_cl_runescape_LIVE.dat
[2012/06/07 20:46:14 | 000,000,512 | ---- | C] () -- C:\Users\Jfarelas\Desktop\MBR.dat
[2012/06/07 00:46:50 | 000,002,991 | ---- | C] () -- C:\Users\Jfarelas\Desktop\HiJackThis.lnk
[2012/06/05 15:01:18 | 012,674,048 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Maple Abroad.avi.approj
[2012/06/05 02:15:12 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Active Presenter.lnk
[2012/06/05 02:15:12 | 000,002,141 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\ActivePresenter.lnk
[2012/06/02 21:30:15 | 003,756,544 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Paint.NET.3.5.10.Install.exe
[2012/05/31 23:14:06 | 000,000,989 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/30 20:07:25 | 000,001,605 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/05/27 10:43:21 | 000,001,031 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Launcher - Shortcut.lnk
[2012/05/14 12:22:52 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/03/28 19:41:01 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2012/03/28 19:27:45 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2012/03/28 18:57:58 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2012/03/17 17:28:36 | 000,086,394 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\terrain.png
[2012/03/17 17:28:36 | 000,011,771 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\particles.png
[2012/03/17 17:28:36 | 000,006,667 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\color.properties
[2012/03/17 17:28:36 | 000,004,733 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\pack.png
[2011/06/30 15:20:51 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/10 23:05:03 | 000,003,584 | ---- | C] () -- C:\Users\Jfarelas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 15:02:09 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtserv.dll
[2011/03/29 15:02:09 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtusb1.dll
[2011/03/29 15:02:09 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbthbn3.dll
[2011/03/29 15:02:09 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcomc.dll
[2011/03/29 15:02:09 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtpmui.dll
[2011/03/29 15:02:09 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtlmpm.dll
[2011/03/29 15:02:09 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcoms.exe
[2011/03/29 15:02:09 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcomm.dll
[2011/03/29 15:02:09 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtinpa.dll
[2011/03/29 15:02:09 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtiesc.dll
[2011/03/29 15:02:09 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtih.exe
[2011/03/29 15:02:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxbtcomx.dll
[2011/03/29 15:02:09 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcfg.exe
[2011/03/29 15:02:09 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxbtinst.dll
[2011/03/29 15:02:09 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtppls.exe
[2011/03/29 15:02:09 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtprox.dll
[2011/03/29 15:02:09 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtpplc.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/04 13:09:11 | 000,007,597 | ---- | C] () -- C:\Users\Jfarelas\AppData\Local\Resmon.ResmonCfg
[2010/11/26 14:22:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/19 18:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/16 01:50:53 | 000,001,032 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\wklnhst.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/20 23:15:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== LOP Check ==========

[2012/04/14 23:28:28 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\.minecraft
[2010/08/08 14:05:48 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\acccore
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\achievement
[2011/01/12 23:41:31 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Acreon
[2012/06/05 23:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\ActivePresenter
[2012/02/01 23:25:18 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\anim
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\armor
[2012/04/16 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Avant Downloader
[2012/04/19 02:11:03 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\AVG2012
[2012/04/17 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Babylon
[2012/06/12 22:52:24 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\BITS
[2012/06/12 22:23:55 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\BitTorrent
[2011/11/13 23:32:53 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\CoreFTP
[2012/01/29 21:37:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\environment
[2012/01/02 15:22:03 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\EurekaLog
[2012/06/02 13:44:50 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FileZilla
[2012/03/28 19:41:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashGet
[2012/03/28 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashGetBHO
[2012/03/28 18:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\FlashgetSetup
[2012/02/10 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Foxit Software
[2012/02/01 18:41:04 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\gui
[2012/06/05 19:06:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\IObit
[2011/11/26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\item
[2012/05/11 23:08:46 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\KlLauncherST
[2012/01/28 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\LolClient
[2012/02/24 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\misc
[2012/02/26 16:36:30 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\mob
[2011/03/24 22:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\NeopleLauncherDFO
[2010/08/09 14:35:27 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\OpenOffice.org
[2012/04/17 00:41:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Opera
[2011/06/30 15:01:45 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Publish Providers
[2011/06/04 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\RoboForm
[2012/01/07 22:21:27 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\S.A.D
[2010/09/21 07:49:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Sony
[2012/04/15 17:56:29 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\SystemRequirementsLab
[2011/03/01 10:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\TeamViewer
[2011/02/24 02:33:10 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Template
[2012/03/04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\terrain
[2012/05/22 19:28:51 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Unity
[2010/10/21 14:55:12 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\Windows Live Writer
[2012/03/04 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\Jfarelas\AppData\Roaming\__MACOSX
[2012/06/12 09:43:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000Core.job
[2012/06/12 21:43:02 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000UA.job
[2011/08/16 20:10:56 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >


Virus scan:

https://www.virustot...sis/1339559724/


TDSSKiller:

23:01:43.0425 7928 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:01:43.0806 7928 ============================================================
23:01:43.0806 7928 Current date / time: 2012/06/12 23:01:43.0806
23:01:43.0806 7928 SystemInfo:
23:01:43.0806 7928
23:01:43.0806 7928 OS Version: 6.1.7601 ServicePack: 1.0
23:01:43.0806 7928 Product type: Workstation
23:01:43.0806 7928 ComputerName: JFARELAS-PC
23:01:43.0806 7928 UserName: Jfarelas
23:01:43.0806 7928 Windows directory: C:\Windows
23:01:43.0806 7928 System windows directory: C:\Windows
23:01:43.0806 7928 Running under WOW64
23:01:43.0806 7928 Processor architecture: Intel x64
23:01:43.0806 7928 Number of processors: 2
23:01:43.0806 7928 Page size: 0x1000
23:01:43.0806 7928 Boot type: Normal boot
23:01:43.0806 7928 ============================================================
23:01:44.0176 7928 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:01:44.0206 7928 ============================================================
23:01:44.0206 7928 \Device\Harddisk0\DR0:
23:01:44.0206 7928 MBR partitions:
23:01:44.0206 7928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
23:01:44.0206 7928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
23:01:44.0206 7928 ============================================================
23:01:44.0256 7928 C: <-> \Device\Harddisk0\DR0\Partition1
23:01:44.0256 7928 ============================================================
23:01:44.0256 7928 Initialize success
23:01:44.0256 7928 ============================================================
23:01:49.0606 4944 ============================================================
23:01:49.0606 4944 Scan started
23:01:49.0606 4944 Mode: Manual; SigCheck; TDLFS;
23:01:49.0606 4944 ============================================================
23:01:50.0366 4944 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
23:01:50.0416 4944 !SASCORE - ok
23:01:50.0726 4944 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:01:50.0746 4944 1394ohci - ok
23:01:50.0856 4944 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:01:50.0876 4944 ACPI - ok
23:01:50.0886 4944 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:01:50.0906 4944 AcpiPmi - ok
23:01:51.0076 4944 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:01:51.0096 4944 AdobeARMservice - ok
23:01:51.0356 4944 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:01:51.0376 4944 AdobeFlashPlayerUpdateSvc - ok
23:01:51.0406 4944 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:01:51.0416 4944 adp94xx - ok
23:01:51.0536 4944 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:01:51.0556 4944 adpahci - ok
23:01:51.0596 4944 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:01:51.0606 4944 adpu320 - ok
23:01:51.0736 4944 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:01:51.0776 4944 AeLookupSvc - ok
23:01:51.0916 4944 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:01:51.0946 4944 AFD - ok
23:01:52.0006 4944 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:01:52.0016 4944 agp440 - ok
23:01:52.0816 4944 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
23:01:52.0816 4944 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
23:01:52.0826 4944 Akamai ( HiddenFile.Multi.Generic ) - warning
23:01:52.0826 4944 Akamai - detected HiddenFile.Multi.Generic (1)
23:01:54.0597 4944 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:01:54.0617 4944 ALG - ok
23:01:54.0737 4944 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:01:54.0757 4944 aliide - ok
23:01:54.0848 4944 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
23:01:54.0868 4944 AMD External Events Utility - ok
23:01:54.0868 4944 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:01:54.0878 4944 amdide - ok
23:01:54.0918 4944 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:01:54.0948 4944 AmdK8 - ok
23:01:56.0128 4944 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
23:01:56.0228 4944 amdkmdag - ok
23:01:57.0958 4944 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
23:01:57.0978 4944 amdkmdap - ok
23:01:58.0048 4944 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:01:58.0058 4944 AmdPPM - ok
23:01:58.0158 4944 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:01:58.0168 4944 amdsata - ok
23:01:58.0248 4944 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:01:58.0278 4944 amdsbs - ok
23:01:58.0318 4944 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:01:58.0328 4944 amdxata - ok
23:01:58.0388 4944 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:01:58.0438 4944 AppID - ok
23:01:58.0468 4944 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:01:58.0508 4944 AppIDSvc - ok
23:01:58.0598 4944 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:01:58.0628 4944 Appinfo - ok
23:01:58.0808 4944 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:01:58.0828 4944 Apple Mobile Device - ok
23:01:58.0928 4944 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:01:58.0948 4944 arc - ok
23:01:59.0028 4944 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:01:59.0058 4944 arcsas - ok
23:01:59.0198 4944 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:01:59.0208 4944 aspnet_state - ok
23:01:59.0248 4944 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:01:59.0278 4944 AsyncMac - ok
23:01:59.0338 4944 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:01:59.0348 4944 atapi - ok
23:02:01.0218 4944 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
23:02:01.0318 4944 atikmdag - ok
23:02:03.0258 4944 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:02:03.0298 4944 AudioEndpointBuilder - ok
23:02:03.0298 4944 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:02:03.0338 4944 AudioSrv - ok
23:02:03.0798 4944 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
23:02:03.0808 4944 AVG Security Toolbar Service - ok
23:02:05.0009 4944 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
23:02:05.0089 4944 AVGIDSAgent - ok
23:02:05.0179 4944 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
23:02:05.0199 4944 AVGIDSDriver - ok
23:02:05.0259 4944 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
23:02:05.0269 4944 AVGIDSFilter - ok
23:02:05.0299 4944 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
23:02:05.0309 4944 AVGIDSHA - ok
23:02:05.0329 4944 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
23:02:05.0349 4944 Avgldx64 - ok
23:02:05.0369 4944 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
23:02:05.0379 4944 Avgmfx64 - ok
23:02:05.0389 4944 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
23:02:05.0399 4944 Avgrkx64 - ok
23:02:05.0429 4944 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
23:02:05.0449 4944 Avgtdia - ok
23:02:05.0529 4944 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
23:02:05.0539 4944 avgwd - ok
23:02:05.0579 4944 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:02:05.0819 4944 AxInstSV - ok
23:02:05.0869 4944 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:02:05.0889 4944 b06bdrv - ok
23:02:05.0909 4944 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:02:05.0919 4944 b57nd60a - ok
23:02:06.0059 4944 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:02:06.0079 4944 BDESVC - ok
23:02:06.0129 4944 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:02:06.0159 4944 Beep - ok
23:02:06.0399 4944 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:02:06.0439 4944 BFE - ok
23:02:06.0599 4944 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:02:06.0639 4944 BITS - ok
23:02:06.0739 4944 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:02:06.0749 4944 blbdrive - ok
23:02:06.0869 4944 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:02:06.0889 4944 Bonjour Service - ok
23:02:06.0919 4944 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:02:06.0929 4944 bowser - ok
23:02:06.0949 4944 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:02:06.0959 4944 BrFiltLo - ok
23:02:06.0989 4944 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:02:07.0009 4944 BrFiltUp - ok
23:02:07.0039 4944 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:02:07.0079 4944 BridgeMP - ok
23:02:07.0119 4944 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:02:07.0169 4944 Browser - ok
23:02:07.0219 4944 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:02:07.0239 4944 Brserid - ok
23:02:07.0249 4944 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:02:07.0269 4944 BrSerWdm - ok
23:02:07.0299 4944 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:02:07.0319 4944 BrUsbMdm - ok
23:02:07.0329 4944 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:02:07.0339 4944 BrUsbSer - ok
23:02:07.0359 4944 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:02:07.0379 4944 BTHMODEM - ok
23:02:07.0489 4944 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:02:07.0519 4944 bthserv - ok
23:02:07.0569 4944 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:02:07.0609 4944 cdfs - ok
23:02:07.0719 4944 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:02:07.0739 4944 cdrom - ok
23:02:07.0799 4944 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:02:07.0829 4944 CertPropSvc - ok
23:02:07.0839 4944 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:02:07.0859 4944 circlass - ok
23:02:08.0249 4944 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:02:08.0279 4944 CLFS - ok
23:02:08.0459 4944 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:02:08.0469 4944 clr_optimization_v2.0.50727_32 - ok
23:02:08.0589 4944 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:02:08.0599 4944 clr_optimization_v2.0.50727_64 - ok
23:02:08.0890 4944 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:02:08.0900 4944 clr_optimization_v4.0.30319_32 - ok
23:02:09.0160 4944 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:02:09.0170 4944 clr_optimization_v4.0.30319_64 - ok
23:02:09.0240 4944 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:02:09.0260 4944 CmBatt - ok
23:02:09.0350 4944 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:02:09.0360 4944 cmdide - ok
23:02:09.0880 4944 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:02:09.0910 4944 CNG - ok
23:02:09.0960 4944 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:02:09.0970 4944 Compbatt - ok
23:02:10.0010 4944 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:02:10.0020 4944 CompositeBus - ok
23:02:10.0020 4944 COMSysApp - ok
23:02:10.0490 4944 cpuz132 - ok
23:02:10.0520 4944 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:02:10.0540 4944 crcdisk - ok
23:02:10.0710 4944 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:02:10.0750 4944 CryptSvc - ok
23:02:10.0940 4944 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:02:10.0980 4944 DcomLaunch - ok
23:02:11.0010 4944 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:02:11.0050 4944 defragsvc - ok
23:02:11.0080 4944 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:02:11.0110 4944 DfsC - ok
23:02:11.0160 4944 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:02:11.0190 4944 Dhcp - ok
23:02:11.0210 4944 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:02:11.0250 4944 discache - ok
23:02:11.0270 4944 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:02:11.0280 4944 Disk - ok
23:02:11.0310 4944 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:02:11.0320 4944 Dnscache - ok
23:02:11.0560 4944 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
23:02:11.0570 4944 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
23:02:11.0570 4944 DockLoginService - detected UnsignedFile.Multi.Generic (1)
23:02:11.0911 4944 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:02:11.0951 4944 dot3svc - ok
23:02:12.0101 4944 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:02:12.0131 4944 DPS - ok
23:02:12.0151 4944 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:02:12.0171 4944 drmkaud - ok
23:02:12.0631 4944 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
23:02:12.0641 4944 DrvAgent64 - ok
23:02:13.0361 4944 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:02:13.0391 4944 DXGKrnl - ok
23:02:13.0391 4944 EagleX64 - ok
23:02:13.0421 4944 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:02:13.0451 4944 EapHost - ok
23:02:13.0531 4944 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:02:13.0581 4944 ebdrv - ok
23:02:13.0671 4944 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:02:13.0681 4944 EFS - ok
23:02:13.0731 4944 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:02:13.0751 4944 ehRecvr - ok
23:02:13.0771 4944 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:02:13.0781 4944 ehSched - ok
23:02:13.0821 4944 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:02:13.0841 4944 elxstor - ok
23:02:13.0871 4944 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:02:13.0881 4944 ErrDev - ok
23:02:13.0931 4944 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:02:13.0961 4944 EventSystem - ok
23:02:13.0981 4944 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:02:14.0021 4944 exfat - ok
23:02:14.0031 4944 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:02:14.0071 4944 fastfat - ok
23:02:14.0111 4944 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:02:14.0131 4944 Fax - ok
23:02:14.0151 4944 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:02:14.0161 4944 fdc - ok
23:02:14.0171 4944 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:02:14.0201 4944 fdPHost - ok
23:02:14.0211 4944 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:02:14.0241 4944 FDResPub - ok
23:02:14.0251 4944 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:02:14.0271 4944 FileInfo - ok
23:02:14.0281 4944 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:02:14.0311 4944 Filetrace - ok
23:02:14.0381 4944 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:02:14.0401 4944 FLEXnet Licensing Service - ok
23:02:14.0411 4944 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:02:14.0431 4944 flpydisk - ok
23:02:14.0461 4944 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:02:14.0471 4944 FltMgr - ok
23:02:14.0531 4944 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:02:14.0561 4944 FontCache - ok
23:02:14.0691 4944 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:02:14.0701 4944 FontCache3.0.0.0 - ok
23:02:14.0741 4944 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:02:14.0751 4944 FsDepends - ok
23:02:14.0781 4944 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
23:02:14.0791 4944 fssfltr - ok
23:02:14.0901 4944 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:02:14.0931 4944 fsssvc - ok
23:02:14.0991 4944 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:02:15.0011 4944 Fs_Rec - ok
23:02:15.0041 4944 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:02:15.0061 4944 fvevol - ok
23:02:15.0091 4944 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:02:15.0101 4944 gagp30kx - ok
23:02:15.0141 4944 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:02:15.0151 4944 GEARAspiWDM - ok
23:02:15.0201 4944 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
23:02:15.0211 4944 GoToAssist - ok
23:02:15.0241 4944 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:02:15.0291 4944 gpsvc - ok
23:02:15.0301 4944 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:02:15.0321 4944 hcw85cir - ok
23:02:15.0351 4944 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:02:15.0371 4944 HdAudAddService - ok
23:02:15.0401 4944 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:02:15.0421 4944 HDAudBus - ok
23:02:15.0431 4944 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:02:15.0441 4944 HidBatt - ok
23:02:15.0451 4944 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:02:15.0471 4944 HidBth - ok
23:02:15.0481 4944 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:02:15.0501 4944 HidIr - ok
23:02:15.0511 4944 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:02:15.0551 4944 hidserv - ok
23:02:15.0561 4944 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:02:15.0581 4944 HidUsb - ok
23:02:15.0601 4944 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:02:15.0641 4944 hkmsvc - ok
23:02:15.0671 4944 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:02:15.0691 4944 HomeGroupListener - ok
23:02:15.0751 4944 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:02:15.0761 4944 HomeGroupProvider - ok
23:02:15.0781 4944 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:02:15.0791 4944 HpSAMD - ok
23:02:15.0831 4944 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:02:15.0871 4944 HTTP - ok
23:02:15.0902 4944 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:02:15.0912 4944 hwpolicy - ok
23:02:15.0932 4944 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:02:15.0942 4944 i8042prt - ok
23:02:16.0002 4944 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:02:16.0022 4944 IAANTMON - ok
23:02:16.0052 4944 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
23:02:16.0072 4944 iaStor - ok
23:02:16.0102 4944 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:02:16.0122 4944 iaStorV - ok
23:02:16.0212 4944 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:02:16.0232 4944 idsvc - ok
23:02:16.0532 4944 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:02:16.0652 4944 igfx - ok
23:02:16.0722 4944 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:02:16.0732 4944 iirsp - ok
23:02:16.0772 4944 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:02:16.0812 4944 IKEEXT - ok
23:02:16.0892 4944 IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys
23:02:16.0936 4944 IntcAzAudAddService - ok
23:02:16.0986 4944 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
23:02:16.0996 4944 IntcHdmiAddService - ok
23:02:17.0026 4944 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:02:17.0036 4944 intelide - ok
23:02:17.0066 4944 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:02:17.0076 4944 intelppm - ok
23:02:17.0106 4944 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:02:17.0136 4944 IPBusEnum - ok
23:02:17.0166 4944 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:02:17.0206 4944 IpFilterDriver - ok
23:02:17.0226 4944 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:02:17.0266 4944 iphlpsvc - ok
23:02:17.0296 4944 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:02:17.0306 4944 IPMIDRV - ok
23:02:17.0316 4944 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:02:17.0356 4944 IPNAT - ok
23:02:17.0416 4944 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
23:02:17.0436 4944 iPod Service - ok
23:02:17.0446 4944 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:02:17.0466 4944 IRENUM - ok
23:02:17.0476 4944 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:02:17.0486 4944 isapnp - ok
23:02:17.0516 4944 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:02:17.0526 4944 iScsiPrt - ok
23:02:17.0536 4944 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:02:17.0556 4944 kbdclass - ok
23:02:17.0566 4944 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:02:17.0576 4944 kbdhid - ok
23:02:17.0606 4944 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:02:17.0626 4944 KeyIso - ok
23:02:17.0676 4944 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:02:17.0696 4944 KSecDD - ok
23:02:17.0706 4944 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:02:17.0716 4944 KSecPkg - ok
23:02:17.0736 4944 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:02:17.0776 4944 ksthunk - ok
23:02:17.0806 4944 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:02:17.0846 4944 KtmRm - ok
23:02:17.0876 4944 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:02:17.0916 4944 LanmanServer - ok
23:02:17.0946 4944 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:02:17.0986 4944 LanmanWorkstation - ok
23:02:18.0016 4944 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:02:18.0046 4944 lltdio - ok
23:02:18.0066 4944 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:02:18.0106 4944 lltdsvc - ok
23:02:18.0116 4944 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:02:18.0156 4944 lmhosts - ok
23:02:18.0176 4944 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:02:18.0186 4944 LSI_FC - ok
23:02:18.0196 4944 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:02:18.0206 4944 LSI_SAS - ok
23:02:18.0226 4944 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:02:18.0236 4944 LSI_SAS2 - ok
23:02:18.0246 4944 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:02:18.0256 4944 LSI_SCSI - ok
23:02:18.0276 4944 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:02:18.0306 4944 luafv - ok
23:02:18.0316 4944 lxbt_device - ok
23:02:18.0346 4944 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:02:18.0356 4944 MBAMProtector - ok
23:02:18.0436 4944 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:02:18.0456 4944 MBAMService - ok
23:02:18.0486 4944 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:02:18.0516 4944 Mcx2Svc - ok
23:02:18.0536 4944 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:02:18.0556 4944 megasas - ok
23:02:18.0576 4944 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:02:18.0596 4944 MegaSR - ok
23:02:18.0636 4944 Mkd2Bthf (3df67247d8377700089d0b06f4f7adaf) C:\Windows\system32\drivers\Mkd2Bthf.sys
23:02:18.0656 4944 Mkd2Bthf - ok
23:02:18.0666 4944 Mkd2Nadr (3d88563086e2a2dc31ba9adb47ddb349) C:\Windows\system32\drivers\Mkd2Nadr.sys
23:02:18.0686 4944 Mkd2Nadr - ok
23:02:18.0696 4944 Mkd3kfNt (8712da9a8b621001e7029e1f73ff2d09) C:\Windows\system32\drivers\Mkd3kfNt.sys
23:02:18.0726 4944 Mkd3kfNt - ok
23:02:18.0746 4944 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:02:18.0796 4944 MMCSS - ok
23:02:18.0816 4944 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:02:18.0846 4944 Modem - ok
23:02:18.0876 4944 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:02:18.0886 4944 monitor - ok
23:02:18.0916 4944 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:02:18.0926 4944 mouclass - ok
23:02:18.0946 4944 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:02:18.0966 4944 mouhid - ok
23:02:18.0996 4944 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:02:19.0016 4944 mountmgr - ok
23:02:19.0076 4944 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:02:19.0086 4944 MozillaMaintenance - ok
23:02:19.0096 4944 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:02:19.0106 4944 mpio - ok
23:02:19.0126 4944 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:02:19.0156 4944 mpsdrv - ok
23:02:19.0206 4944 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:02:19.0246 4944 MpsSvc - ok
23:02:19.0276 4944 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:02:19.0296 4944 MRxDAV - ok
23:02:19.0326 4944 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:02:19.0336 4944 mrxsmb - ok
23:02:19.0366 4944 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:02:19.0386 4944 mrxsmb10 - ok
23:02:19.0396 4944 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:02:19.0416 4944 mrxsmb20 - ok
23:02:19.0446 4944 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:02:19.0456 4944 msahci - ok
23:02:19.0486 4944 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:02:19.0496 4944 msdsm - ok
23:02:19.0536 4944 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:02:19.0556 4944 MSDTC - ok
23:02:19.0606 4944 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:02:19.0656 4944 Msfs - ok
23:02:19.0666 4944 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:02:19.0706 4944 mshidkmdf - ok
23:02:19.0716 4944 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:02:19.0726 4944 msisadrv - ok
23:02:19.0756 4944 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:02:19.0806 4944 MSiSCSI - ok
23:02:19.0816 4944 msiserver - ok
23:02:19.0846 4944 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:02:19.0876 4944 MSKSSRV - ok
23:02:19.0886 4944 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:02:19.0926 4944 MSPCLOCK - ok
23:02:19.0936 4944 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:02:19.0966 4944 MSPQM - ok
23:02:20.0016 4944 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:02:20.0026 4944 MsRPC - ok
23:02:20.0056 4944 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:02:20.0066 4944 mssmbios - ok
23:02:20.0086 4944 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:02:20.0116 4944 MSTEE - ok
23:02:20.0126 4944 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:02:20.0146 4944 MTConfig - ok
23:02:20.0156 4944 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:02:20.0166 4944 Mup - ok
23:02:20.0186 4944 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:02:20.0226 4944 napagent - ok
23:02:20.0246 4944 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:02:20.0266 4944 NativeWifiP - ok
23:02:20.0296 4944 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:02:20.0316 4944 NDIS - ok
23:02:20.0336 4944 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:02:20.0366 4944 NdisCap - ok
23:02:20.0386 4944 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:02:20.0416 4944 NdisTapi - ok
23:02:20.0446 4944 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:02:20.0486 4944 Ndisuio - ok
23:02:20.0516 4944 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:02:20.0556 4944 NdisWan - ok
23:02:20.0576 4944 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:02:20.0616 4944 NDProxy - ok
23:02:20.0616 4944 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:02:20.0656 4944 NetBIOS - ok
23:02:33.0289 4944 ============================================================
23:02:33.0289 4944 Scan finished
23:02:33.0289 4944 ============================================================
23:02:33.0299 7364 Detected object count: 2
23:02:33.0299 7364 Actual detected object count: 2
23:02:56.0975 7364 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
23:02:56.0975 7364 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
23:02:56.0985 7364 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:56.0985 7364 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:47.0152 1260 Deinitialize success

Edited by trips487, 12 June 2012 - 10:11 PM.
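A scan log like the one in the post above is mostly "- ok" lines, so the few entries worth a helper's attention are easy to miss. The following is an added example, not part of the original thread or of any tool named in it: a small parser that pairs each object with its verdict and lists what needs manual review. The line layout is inferred from the log above; the sample lines, service names, hashes and the trusted-directory list are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Layout inferred from the log in this thread: "HH:MM:SS.mmmm <pid> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<action>.+)$")
OK = re.compile(r"^(?P<key>.+?) - ok$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Assumption: directories where service and driver images are normally installed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample (hypothetical names, placeholder hashes), same layout as the log.
SAMPLE_LOG = r"""
23:02:20.0666 4944 ExampleNet (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\examplenet.sys
23:02:20.0706 4944 ExampleNet - ok
23:02:21.0286 4944 NoFileSvc - ok
23:02:29.0048 4944 GameDrv (00000000000000000000000000000002) C:\games\example\gamedrv64.sys
23:02:29.0068 4944 GameDrv - ok
23:02:30.0228 4944 Updater1.0 (00000000000000000000000000000003) C:\Program Files (x86)\Example\Updater.exe
23:02:30.0258 4944 Updater1.0 - ok
23:02:33.0039 4944 MBR (0x1B8) (00000000000000000000000000000004) \Device\Harddisk0\DR0
23:02:33.0239 4944 \Device\Harddisk0\DR0 - ok
23:02:33.0289 4944 Scan finished
23:02:33.0299 7364 Detected object count: 2
23:02:56.0975 7364 HiddenSvc ( HiddenFile.Multi.Generic ) - skipped by user
23:02:56.0975 7364 HiddenSvc ( HiddenFile.Multi.Generic ) - User select action: Skip
23:02:56.0985 7364 UnsignedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:56.0985 7364 UnsignedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

@dataclass
class Obj:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"
    actions: list = field(default_factory=list)

def parse_scan_log(text):
    """Return (objects, declared_detection_count) parsed from the log text."""
    objects, by_name, by_path, declared = [], {}, {}, None

    def new(name):
        obj = Obj(name)
        objects.append(obj)
        by_name[name] = obj
        return obj

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        e, d, k, c = ENTRY.match(rest), DETECT.match(rest), OK.match(rest), COUNT.match(rest)
        if e:    # "Name (md5) path": a new object and the file that was hashed
            obj = new(e["name"])
            obj.md5, obj.path = e["md5"].lower(), e["path"]
            by_path[e["path"]] = obj
        elif d:  # "Name ( Verdict ) - action": a detection and what was done with it
            obj = by_name.get(d["name"]) or new(d["name"])
            obj.verdict = d["verdict"]
            obj.actions.append(d["action"])
        elif k:  # "Name - ok"; disk objects are keyed by device path instead of name
            obj = by_name.get(k["key"]) or by_path.get(k["key"]) or new(k["key"])
            if obj.verdict == "unknown":
                obj.verdict = "ok"
        elif c:
            declared = int(c["n"])
    return objects, declared

def triage(objects, declared):
    """List the entries a reviewer should look at, detections first."""
    findings = []
    detected = [o for o in objects if o.verdict not in ("ok", "unknown")]
    for o in detected:
        skipped = any("skip" in a.lower() for a in o.actions)
        findings.append(f"detection {o.name}: {o.verdict}"
                        + (" (left in place: skipped)" if skipped else ""))
    for o in objects:
        if o.verdict != "ok":
            continue
        p = (o.path or "").lower()
        if o.md5 is None:
            findings.append(f"note {o.name}: no image path or hash recorded")
        elif p[1:3] == ":\\" and not p.startswith(TRUSTED_ROOTS):
            # A clean verdict on an image in an unusual location still merits a look.
            findings.append(f"review {o.name}: image outside system/program dirs: {o.path}")
    if declared is not None and declared != len(detected):
        findings.append(f"count mismatch: log declares {declared}, parsed {len(detected)}")
    return findings

if __name__ == "__main__":
    for finding in triage(*parse_scan_log(SAMPLE_LOG)):
        print(finding)
```

A "review" finding is only a prompt to check what installed the file; it is not a verdict on it.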


#8
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi trips487,

"System seems fine now and I haven't received any emails about someone trying to get into my hotmail account anymore."

Good.

"So I think things are fixed now but unsure."

That's what we are gonna make sure of. The last OTL log looks good, but we need to do a sweep for malware remnants. Then we should be ready to clean up and finish up. I know the process is involved but we want to be sure your system is at its best before we call it clear.


Step-1.

Scan with MalwareBytes

Please open MalwareBytes
  • Click the Update tab and update the definition files.
  • Click the Scanner tab and click the radio button next to Perform full scan, then click the Scan button to start the scan.
    • This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan.
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected. <---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-4.

Things For Your Next Post:
1. The MalwareBytes log
2. The ESET scan log
3. The checkup.txt log
4. How is the computer running now?

#9
trips487

    Member

  • Topic Starter
  • Member
  • 186 posts
I tried using MalwareBytes but it freezes about 1 min into the scan. It is scanning something called mapleinstall.exe, which I believe is used for a game I play, so I don't think it is anything bad. My virus scan keeps saying it is a threat though and I am unable to continue with the scan. How do I finish this? I can't quarantine or ignore it. Also as I stated before I am unsure if it is a false positive or not. It won't move to the vault bc it is bigger than 5mb so I am guessing that it is not a virus.

#10
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi trips487,

It's better to be safe than sorry. Let's have the file scanned and see what comes back. If it is clean we can have the MalwareBytes scan ignore it.

First I need to get the path to the file. Please run the following custom scan.


Step-1.

Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
%SYSTEMDRIVE%\mapleinstall.exe /s /md5

2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside the greyed out None button at the top of the console <--- Important
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-2.

Things For Your Next Post:
1. The OTL.txt log
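
An added example, not part of the original thread and not OTL's own code: the custom scan above asks for the location and MD5 of mapleinstall.exe so the file can be checked before it is excluded from scanning. The Python sketch below does the same job by hand, on the assumption that the scan searches subfolders for the named file and hashes each hit; the function names and the constructed sample files are illustrative.

```python
"""Locate every copy of a named file under a root folder and hash each one."""
from __future__ import annotations

import hashlib
import os
import sys
import tempfile
from typing import NamedTuple


class Match(NamedTuple):
    path: str
    size: int
    md5: str
    sha256: str


def hash_file(path: str, chunk_size: int = 1 << 20) -> tuple[str, str]:
    """Return (md5, sha256) hex digests, reading in chunks so a large
    installer is never loaded into memory in one piece."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def find_and_hash(root: str, filename: str) -> list[Match]:
    """Walk root recursively and hash every file whose name matches.

    The comparison ignores case because Windows file names do. Files that
    cannot be read (locked, access denied) are skipped instead of aborting
    the walk; os.walk itself skips folders it cannot list.
    """
    wanted = filename.lower()
    matches: list[Match] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != wanted:
                continue
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
                md5, sha256 = hash_file(full)
            except OSError:
                continue
            matches.append(Match(full, size, md5, sha256))
    return sorted(matches)


def demo() -> list[Match]:
    """Run the search over a constructed folder tree (sample data only).

    Two files share the name but not the content, so they hash differently:
    the name alone does not say which file a scanner flagged.
    """
    with tempfile.TemporaryDirectory() as root:
        nested = os.path.join(root, "Games", "Setup")
        os.makedirs(nested)
        with open(os.path.join(root, "mapleinstall.exe"), "wb") as fh:
            fh.write(b"constructed sample A")
        with open(os.path.join(nested, "MapleInstall.exe"), "wb") as fh:
            fh.write(b"constructed sample B, different content")
        return find_and_hash(root, "mapleinstall.exe")


if __name__ == "__main__":
    # Usage: python find_hash.py C:\ mapleinstall.exe
    # With no arguments the constructed demo tree is used instead.
    if len(sys.argv) == 3:
        results = find_and_hash(sys.argv[1], sys.argv[2])
    else:
        results = demo()
    for m in results:
        print(f"{m.path}\n  size   {m.size} bytes\n  md5    {m.md5}\n  sha256 {m.sha256}")
```

The path and hashes identify the exact file a scanner flagged, which matters when more than one copy of the same name exists on the drive.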



#11
trips487


    Member

  • Topic Starter
  • 186 posts
My AVG keeps saying multiple threats. Also sometimes my Adobe Flash crashes when I use the net and I have to reload the pages.

OTL log:

OTL logfile created on: 6/16/2012 11:30:04 AM - Run 3
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Jfarelas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 46.57% Memory free
8.00 Gb Paging File | 5.25 Gb Available in Paging File | 65.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 312.42 Gb Free Space | 69.26% Space Free | Partition Type: NTFS

Computer Name: JFARELAS-PC | User Name: Jfarelas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 12:43:33 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
PRC - [2012/06/12 22:39:49 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012/06/12 15:59:40 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/12 15:59:39 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/06/07 20:02:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
PRC - [2012/06/06 11:06:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/24 16:20:51 | 001,241,184 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jfarelas\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 12:43:33 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
MOD - [2012/06/14 03:39:38 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/14 03:39:26 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 03:39:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:39:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 03:39:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/14 03:17:51 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cf4a1974ba92ad5b529dbac4d64ac1b1\PresentationFramework.ni.dll
MOD - [2012/06/14 03:17:34 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7543829e8e0da7c1085e144bb4f67e2a\PresentationCore.ni.dll
MOD - [2012/06/14 03:17:24 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\533f500d28764cf9572b01da335e7924\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:17:15 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ea4d09dbd07c463c45677b7472deaade\WindowsBase.ni.dll
MOD - [2012/06/14 03:17:13 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a18c63aa7c778f642abc7bd8863d6995\System.Drawing.ni.dll
MOD - [2012/06/12 22:39:49 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/06/12 15:59:40 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/12 15:59:39 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/06 11:06:17 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 04:14:49 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\03a9076d9e3227158a640d848d049c56\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 04:14:49 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\03a9076d9e3227158a640d848d049c56\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/12 04:14:48 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\fcc62ec7a36ef8e7e0280a60b776d2dd\System.Transactions.ni.dll
MOD - [2012/05/12 04:14:46 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3dbd14ea8c96ea733b74f353012d2528\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 04:14:43 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0976badb1d68c7fd624071301f6e6322\System.Xaml.ni.dll
MOD - [2012/05/12 04:13:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 03:55:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 03:37:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:36:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:35:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:35:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:35:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:35:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/12 03:10:00 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fe2c1e0cc2c863fd945f5b74693b305d\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:07:16 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2b971df815fef08c0cd7487718bb6c2d\System.Data.ni.dll
MOD - [2012/05/12 03:06:58 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\027f61d88923740874065514da631bac\System.Configuration.ni.dll
MOD - [2012/05/12 03:06:57 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4ab356ceb37257c9189408a62d32a3a5\System.Core.ni.dll
MOD - [2012/05/12 03:06:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7d69938d04ab511408af2c6977070361\System.Xml.ni.dll
MOD - [2012/05/12 03:06:49 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\7b437804cd31ddf1a1b31c729417897e\System.ni.dll
MOD - [2012/05/12 03:06:44 | 014,413,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\9fb648b8e8a2832206a9332b19a797a0\mscorlib.ni.dll
MOD - [2012/02/09 13:38:27 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 16:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 16:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/12 22:53:36 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/05/03 03:49:48 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbtcoms.exe -- (lxbt_device)
SRV - [2012/06/12 22:39:49 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/12 15:59:40 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/06 11:06:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/22 22:35:24 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/06/07 09:08:00 | 004,825,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/09 19:57:08 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/09 19:46:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/05/03 03:48:52 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/28 21:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/28 00:12:00 | 000,182,872 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2011/09/28 00:12:00 | 000,107,096 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2011/09/28 00:12:00 | 000,097,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2BthF.sys -- (Mkd2Bthf)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 07:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/06/13 01:25:33 | 000,089,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys -- (usj)
DRV - [2012/05/11 23:24:58 | 000,050,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\koramgame\STOnline\avital\wyqku64.sys -- (uqk)
DRV - [2012/04/15 17:58:18 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/30 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E63A738-CFC5-44B1-8187-CED0C8ABFC4D}
IE:64bit: - HKLM\..\SearchScopes\{0E63A738-CFC5-44B1-8187-CED0C8ABFC4D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{E9C1531F-6396-405E-91A3-C7E6260BBC9E}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...DT3&ocid=bdtdhp
IE - HKCU\..\SearchScopes,DefaultScope = {2FD59BD9-496D-43F8-9121-9E4CEEE174BB}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKCU\..\SearchScopes\{2FD59BD9-496D-43F8-9121-9E4CEEE174BB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8EA94DB3-7D8A-42FF-BFF7-5005AE386A83}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-04-19 02:11:51&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B93A2DEA-4568-406F-83EF-5FFC71D8FACD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll File not found
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jfarelas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Jfarelas\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\OpinionSquare
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/23 01:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 09:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/12 15:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/07 19:37:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 08:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 11:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 22:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 11:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 22:42:53 | 000,000,000 | ---D | M]

[2011/02/19 02:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions
[2011/02/19 02:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/17 20:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions
[2012/03/25 12:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\klvv2ehc.default\extensions\staged
[2012/06/12 22:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jfarelas\AppData\Roaming\Mozilla\Firefox\Profiles\sgjxpb9b.default\extensions
[2012/06/12 22:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/31 15:23:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/12 22:42:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/06 11:06:18 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/12 15:59:39 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: YouTube = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: AVG Safe Search = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Skype Click to Call = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Default Profile = C:\Users\Jfarelas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/04/19 01:37:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jfarelas\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXBTCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXBTtime.DLL ()
O4:64bit: - HKLM..\Run: [lxbtmon.exe] c:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jfarelas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jfarelas\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://platform.nex...nlab/aosmgr.cab (Aosmgr Control)
O16 - DPF: {0D8004AA-A1CB-4F92-BBEB-0A824B1EE2A2} http://ws.nopp.co.kr.../HGLauncher.cab (HGLauncher Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://d1ylr6sba64qi...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54DAE659-3733-41D7-A1AB-9628E6A64F76}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1E5918D-296B-48BD-92FD-B4B9653DB506}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 23:38:25 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{B3755883-CE70-484A-B173-9AD30B4D6411}
[2012/06/15 11:37:49 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{953BA2B1-60A0-49A2-A199-497B659D6549}
[2012/06/14 16:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/14 10:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{36825400-A54D-42FE-BAA3-DA50500040C4}
[2012/06/14 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{67ADE2D6-29FD-4029-B7A4-30B5F45CAA31}
[2012/06/14 03:01:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 03:01:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 03:01:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 03:01:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 03:01:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 03:01:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 03:01:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 03:01:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 03:00:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 03:00:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 03:00:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 03:00:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 03:00:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 22:35:35 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6507B948-1316-4E9F-91FF-2CCEA2B12FF8}
[2012/06/13 20:45:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 20:45:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 20:45:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 20:45:32 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 20:45:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 20:45:29 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 20:45:22 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 20:45:14 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 20:45:13 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 10:34:59 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{47509263-A0B9-4661-AE06-1DC59A74686C}
[2012/06/13 10:34:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F0E50402-1C84-451C-9945-9CAE27279724}
[2012/06/13 01:32:46 | 002,562,968 | ---- | C] (X-LEGEND ENTERTAINMENT) -- C:\Users\Jfarelas\Desktop\_Launcher.exe
[2012/06/13 01:06:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\Aeria Games
[2012/06/13 01:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012/06/13 01:04:25 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/06/13 01:00:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/06/13 01:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/06/13 01:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/06/13 00:37:00 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012/06/12 22:55:59 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jfarelas\Desktop\tdsskiller.exe
[2012/06/12 22:52:57 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/12 22:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/12 22:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2012/06/12 22:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/12 22:46:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/12 22:42:53 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/12 22:42:53 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/12 22:42:53 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/12 22:42:53 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/12 22:42:05 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\Macromedia
[2012/06/12 21:09:37 | 2187,711,060 | ---- | C] (Nexon) -- C:\Users\Jfarelas\Desktop\DragonNestSetupV87.exe
[2012/06/12 13:49:58 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{879B375B-76D2-4BCF-A750-2C6362AAC1AA}
[2012/06/12 13:49:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F38075C4-755B-4945-9FE2-C4B959CB06EB}
[2012/06/12 01:49:10 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{CDE01672-AB16-404D-94F9-BABA9B029B16}
[2012/06/11 13:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{B22A30F3-97BC-4020-82C2-BCA87B75FD44}
[2012/06/11 01:47:58 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{97A1847C-17A8-447E-B805-49AAE721E75E}
[2012/06/10 13:47:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{54A231D3-1833-49FB-AEAE-2E9FAE0A6E09}
[2012/06/10 13:13:03 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\jagexcache1
[2012/06/10 02:01:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\jagexcache
[2012/06/10 01:46:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{AE08D22F-4B06-449A-99D0-F559C0C172B9}
[2012/06/09 13:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{EC4ACC1C-EAC4-44C0-9A8F-020B0503D52C}
[2012/06/09 01:45:35 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A3912A14-D8D5-40E1-A614-AB4AC2E1AEB3}
[2012/06/08 13:45:00 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{1BEE29DC-3BD3-4095-98EB-B6446EE8391E}
[2012/06/08 13:44:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{4BC779EF-3C33-4906-8EBF-06D9C9A7AD37}
[2012/06/07 20:17:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jfarelas\Desktop\aswMBR.exe
[2012/06/07 20:02:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
[2012/06/07 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{31BCD908-4BE3-4D8B-9663-2DD32C4B5496}
[2012/06/07 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{395A9878-6821-428C-916C-4D7CF585B8A5}
[2012/06/07 00:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/07 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/06 14:39:03 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{71D820C1-925E-47E7-8F50-39E8B671D688}
[2012/06/06 02:38:26 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{092610F6-1F2B-459D-A766-4979F5B0346F}
[2012/06/05 14:37:50 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6AF2E6FF-FF4F-4403-BFB5-7D3FC8014B53}
[2012/06/05 02:37:14 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{BEB2DB6B-FEA3-4E71-B5E7-3A6C35D735BC}
[2012/06/05 02:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePresenter
[2012/06/05 02:18:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Documents\ActivePresenter
[2012/06/05 02:15:24 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\ActivePresenter
[2012/06/05 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
[2012/06/05 02:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATOMI
[2012/06/04 14:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F8792848-E99F-4198-8156-911F26117FD9}
[2012/06/04 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{8CF08B7E-3901-4ABA-B079-8770256A4543}
[2012/06/01 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{52190482-4EF8-493E-B2EE-3BDF7B852BD9}
[2012/06/01 11:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{189A5844-CF7C-4BBD-953D-E35B7E4EDBC6}
[2012/05/31 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6B954DF5-6F6D-4993-A986-C45AB1F2D045}
[2012/05/31 11:35:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A66EC326-F778-4578-9CA3-0C497D705D8B}
[2012/05/30 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{C23CED9B-2698-4B95-8AC8-256A9CD74101}
[2012/05/30 23:34:14 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5EEECD08-319C-4094-B2A4-AD504B8648EF}
[2012/05/30 11:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{DEB1D29D-DC38-496B-9312-29371698663B}
[2012/05/29 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{99E81964-443D-40F0-B92F-802651B00559}
[2012/05/29 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E0E878E0-4D68-422D-85E9-73251292B42A}
[2012/05/29 09:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/28 23:32:01 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{2C35C83E-9D37-471C-8F37-952C9F9A95A0}
[2012/05/28 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{F5499DB7-E977-42D3-A99F-B3E29658B35D}
[2012/05/28 11:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0B34E010-9EB1-414D-A79D-EC280DC9E40F}
[2012/05/27 10:42:02 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\GMSMultipleMaplesV1.10c
[2012/05/27 00:14:28 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{5CE92C9D-E30F-4A2F-B34A-46B9C89B9512}
[2012/05/26 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{36735765-409E-4864-AEA6-0C15B0861980}
[2012/05/26 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{058E7D71-AB2C-4E03-AC3C-D489FC11ACF6}
[2012/05/25 12:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{6BBF92EF-A51A-43A8-87D0-B6A30F854DB2}
[2012/05/25 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{517926A8-4E16-40B2-9087-213396ACFE15}
[2012/05/25 00:11:53 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{916E1D77-B819-4437-9E2D-2FA0BEE7BACA}
[2012/05/25 00:11:42 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{D58744F2-9BCD-49AF-B02E-B2076250EC60}
[2012/05/24 19:37:08 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\Desktop\MapleStory
[2012/05/24 12:10:56 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{8E9F16AB-214E-4D7B-BA69-B5ED85E7E46A}
[2012/05/24 12:10:45 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{7A0C6C71-E7CC-489E-B0B6-12FF98E4BE15}
[2012/05/24 12:10:34 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A4D2BABD-130D-4C91-99FB-368C4C96B44D}
[2012/05/24 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{1F3A4A5E-4883-449C-BFD8-A21ECD293073}
[2012/05/23 12:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{A22781F7-3F9B-4DDD-B909-B0F0F2F4667F}
[2012/05/23 00:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{41AF81D1-C665-413C-AB30-FC3E3A55C42D}
[2012/05/22 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Unity
[2012/05/22 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{DFAE591B-827A-4E9D-A640-6F60BE2776D5}
[2012/05/22 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{0C0D609B-3186-4B12-ACF5-F9A1D783E6D9}
[2012/05/22 00:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E857EED4-9F70-4941-B875-D4728033BC70}
[2012/05/20 02:32:12 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{E26020CC-4742-4756-9702-9C7D3E8CF760}
[2012/05/19 03:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{EF402122-C6B3-405D-85D2-E8E4BE98F231}
[2012/05/19 03:27:58 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Local\{4880D5C7-9620-4EC6-9638-397FC4CBC18C}
[2012/05/17 21:44:17 | 000,000,000 | ---D | C] -- C:\Users\Jfarelas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook

========== Files - Modified Within 30 Days ==========

[2012/06/16 11:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/16 09:43:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000UA.job
[2012/06/16 09:43:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3195389507-3672305450-632222044-1000Core.job
[2012/06/16 09:35:14 | 100,503,311 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/15 17:13:21 | 000,500,559 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/15 12:50:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 12:50:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 12:44:27 | 000,000,248 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2012/06/15 12:42:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 12:41:49 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 16:59:15 | 000,001,619 | ---- | M] () -- C:\Users\Jfarelas\Desktop\DivX Movies.lnk
[2012/06/14 16:59:12 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/06/14 03:35:56 | 004,903,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 03:15:51 | 000,784,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 03:15:51 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 03:15:51 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/13 01:04:28 | 000,001,698 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Eden Eternal.lnk
[2012/06/13 01:00:52 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012/06/12 23:57:32 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url
[2012/06/12 22:56:02 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jfarelas\Desktop\tdsskiller.exe
[2012/06/12 22:52:52 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/12 22:42:48 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/12 22:42:48 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/12 22:42:48 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/12 22:42:48 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/12 22:42:48 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/12 22:39:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/12 22:39:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/12 21:33:58 | 2187,711,060 | ---- | M] (Nexon) -- C:\Users\Jfarelas\Desktop\DragonNestSetupV87.exe
[2012/06/12 21:08:38 | 001,951,344 | ---- | M] () -- C:\Users\Jfarelas\Desktop\DragonNestDownloaderV87.exe
[2012/06/12 00:11:40 | 000,000,047 | ---- | M] () -- C:\Users\Jfarelas\jagex_cl_runescape_LIVE.dat
[2012/06/10 13:14:43 | 000,000,048 | ---- | M] () -- C:\Users\Jfarelas\jagex_cl_runescape_LIVE1.dat
[2012/06/07 20:46:14 | 000,000,512 | ---- | M] () -- C:\Users\Jfarelas\Desktop\MBR.dat
[2012/06/07 20:17:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jfarelas\Desktop\aswMBR.exe
[2012/06/07 20:02:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jfarelas\Desktop\OTL.exe
[2012/06/07 00:46:50 | 000,002,991 | ---- | M] () -- C:\Users\Jfarelas\Desktop\HiJackThis.lnk
[2012/06/05 15:01:19 | 012,674,048 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Maple Abroad.avi.approj
[2012/06/05 02:15:12 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Active Presenter.lnk
[2012/06/05 02:15:12 | 000,002,141 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\ActivePresenter.lnk
[2012/06/02 21:31:34 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/05/31 23:14:06 | 000,000,989 | ---- | M] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/30 20:07:25 | 000,001,605 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/05/29 09:03:39 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/27 10:43:21 | 000,001,031 | ---- | M] () -- C:\Users\Jfarelas\Desktop\Launcher - Shortcut.lnk
[2012/05/17 21:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/05/17 20:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/05/17 20:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/17 20:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/05/17 20:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/05/17 20:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/05/17 20:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/05/17 17:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/05/17 17:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/17 17:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/05/17 17:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/05/17 17:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/17 17:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

========== Files Created - No Company Name ==========

[2012/06/14 16:59:12 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/06/13 01:04:28 | 000,001,698 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Eden Eternal.lnk
[2012/06/13 01:00:52 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012/06/12 23:57:32 | 000,000,175 | ---- | C] () -- C:\Users\Public\Desktop\DragonNest.url
[2012/06/12 22:52:52 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/12 22:51:24 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2012/06/12 21:08:36 | 001,951,344 | ---- | C] () -- C:\Users\Jfarelas\Desktop\DragonNestDownloaderV87.exe
[2012/06/10 13:13:03 | 000,000,048 | ---- | C] () -- C:\Users\Jfarelas\jagex_cl_runescape_LIVE1.dat
[2012/06/10 02:01:41 | 000,000,047 | ---- | C] () -- C:\Users\Jfarelas\jagex_cl_runescape_LIVE.dat
[2012/06/07 20:46:14 | 000,000,512 | ---- | C] () -- C:\Users\Jfarelas\Desktop\MBR.dat
[2012/06/07 00:46:50 | 000,002,991 | ---- | C] () -- C:\Users\Jfarelas\Desktop\HiJackThis.lnk
[2012/06/05 15:01:18 | 012,674,048 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Maple Abroad.avi.approj
[2012/06/05 02:15:12 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Active Presenter.lnk
[2012/06/05 02:15:12 | 000,002,141 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\ActivePresenter.lnk
[2012/06/02 21:30:15 | 003,756,544 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Paint.NET.3.5.10.Install.exe
[2012/05/31 23:14:06 | 000,000,989 | ---- | C] () -- C:\Users\Jfarelas\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/30 20:07:25 | 000,001,605 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/05/27 10:43:21 | 000,001,031 | ---- | C] () -- C:\Users\Jfarelas\Desktop\Launcher - Shortcut.lnk
[2012/03/28 19:41:01 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2012/03/28 19:27:45 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2012/03/28 18:57:58 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2012/03/17 17:28:36 | 000,086,394 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\terrain.png
[2012/03/17 17:28:36 | 000,011,771 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\particles.png
[2012/03/17 17:28:36 | 000,006,667 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\color.properties
[2012/03/17 17:28:36 | 000,004,733 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\pack.png
[2011/06/30 15:20:51 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/10 23:05:03 | 000,003,584 | ---- | C] () -- C:\Users\Jfarelas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 15:02:09 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtserv.dll
[2011/03/29 15:02:09 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtusb1.dll
[2011/03/29 15:02:09 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbthbn3.dll
[2011/03/29 15:02:09 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcomc.dll
[2011/03/29 15:02:09 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtpmui.dll
[2011/03/29 15:02:09 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtlmpm.dll
[2011/03/29 15:02:09 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcoms.exe
[2011/03/29 15:02:09 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcomm.dll
[2011/03/29 15:02:09 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtinpa.dll
[2011/03/29 15:02:09 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtiesc.dll
[2011/03/29 15:02:09 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtih.exe
[2011/03/29 15:02:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxbtcomx.dll
[2011/03/29 15:02:09 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtcfg.exe
[2011/03/29 15:02:09 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxbtinst.dll
[2011/03/29 15:02:09 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtppls.exe
[2011/03/29 15:02:09 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtprox.dll
[2011/03/29 15:02:09 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbtpplc.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/04 13:09:11 | 000,007,597 | ---- | C] () -- C:\Users\Jfarelas\AppData\Local\Resmon.ResmonCfg
[2010/11/26 14:22:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/19 18:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/16 01:50:53 | 000,001,032 | ---- | C] () -- C:\Users\Jfarelas\AppData\Roaming\wklnhst.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/20 23:15:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\mapleinstall.exe /s /md5 >
[2012/03/21 14:48:29 | 2710,336,484 | ---- | M] () Unable to obtain MD5 -- C:\Downloads\software\MapleInstall.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

#12
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi trips487,

Does AVG say what the threats are? Is your Adobe Flashplayer current?

The Mapleinstall.exe file looks like the installer for the Maple game. Do you need to keep it? If you don't we can kill it and then run the MalwareBytes scan. If you do need to keep it, let's have the Mapleinstall.exe file scanned for viruses. If it is clean we can have MalwareBytes ignore the file for the scan.

If you don't need to keep the installer, do Step 1 below and then go to post #8 and finish those steps. If you want to keep the installer, start with Step 2 below.
No matter which one you choose, don't forget to complete the rest of the steps in post #8.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:FILES
C:\Downloads\software\MapleInstall.exe

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).



Step-2.

File Scanner
There are some files I need you to upload for checking

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Downloads\software\MapleInstall.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

If the VirScan shows the Mapleinstall.exe file is infected, kill it using Step 1. above and then go back to post #8. If it is clean we can tell MalwareBytes to ignore it during the scan.

Open MalwareBytes and click the Ignore List tab. The Ignore List page will open. Click the Add button and navigate to the C:\Downloads\software\MapleInstall.exe file. Click on the file to highlight it and click OK to add it to the ignore list.
Then pick up with 2. under the Malware Bytes scan in post #8 and continue, completing all Steps.


Step-3.
The reports/logs I asked for in post #8, and the OTL fixes log if you started with Step 1. above.

#13
trips487

    Member

  • Topic Starter
  • Member
  • 186 posts
I would like to keep it since I am still playing the game. However, it won't allow me to do the virus scan. Says I do not have permission to open this file, and that I should contact the owner. Then I get my AVG pop up saying virus alert. Do you think it's best that I just uninstall the game then reinstall it and see if there's any difference? If not how should I go about this? Also my Adobe Flash Player plug in crashes still sometimes. It shows that I have two of them in the task manager so not sure if that is the problem. Lastly, sometimes when I browse the net I get pop up ads saying that I should scan my pc or something. Not every page I go to just some but that could be just the page I am on has some malware in it. idk though. Thanks for the help and sorry for the wait.

#14
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The Mapleinstall.exe file is just the installation file for the game. Since the game is already installed there is no reason to keep the file.
I would run the OTL fix and see if it will remove the file. If OTL removes the file, go back to post #8 and complete steps 1-4.

#15
trips487

    Member

  • Topic Starter
  • Member
  • 186 posts
Things seem better but sometimes my Adobe Flash plug in still crashes and/or freezes my screen when I watch videos. Sometimes I have to manually close task and then it will be fine again.

scanner log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=df9afd51f4e9634297c5ba66077ca606
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-19 04:42:56
# local_time=2012-06-19 11:42:56 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 149788 149788 0 0
# compatibility_mode=1024 16777215 100 0 4378374 4378374 0 0
# compatibility_mode=5893 16776574 66 85 30380140 91662848 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=154626
# found=4
# cleaned=4
# scan_time=4777
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jfarelas\Downloads\HC2Setup.exe Win32/Somoto application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06122012_224615\C_Users\Jfarelas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\lptlf.dll a variant of Win32/Adware.Gamevance.BR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok

Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.19.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jfarelas :: JFARELAS-PC [administrator]

Protection: Disabled

6/19/2012 2:05:55 AM
mbam-log-2012-06-19 (02-05-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 351804
Time elapsed: 59 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Jfarelas\Downloads\SoftonicDownloader_for_dragon-nest.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)

Check up txt

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 33
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````