
Keylogged, Person Stealing Information!


#1
Gabriel1
Member
156 posts
I was recently online purchasing a few things. I was contacted about a great deal; unbeknownst to me, this person had malicious intentions. He sent me a link for live chat to his company's website; I unwittingly clicked to accept a Java runtime, and that's where it began.

He gave me the items (this was a virtual transaction) and I sent him payment. After everything was done, I went to the bathroom, came back, and everything was gone. He logged onto my account, took everything he had just given me, and still has the payment I sent him.

The only way he could possibly get my account information is if I was keylogged. During our entire conversation I was logging onto my bank account, logging onto PayPal and other things. I immediately changed my passwords using a laptop I have, but I am still afraid he got ahold of other information. I have the link for the website if it helps anyone.

I've run Malwarebytes and Security Essentials and neither found anything.

Here's my OTL log:

OTL logfile created on: 11/11/2013 5:03:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Juan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.90 Gb Total Physical Memory | 12.90 Gb Available Physical Memory | 81.14% Memory free
31.80 Gb Paging File | 28.66 Gb Available in Paging File | 90.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 23.16 Gb Free Space | 19.44% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.42 Mb Free Space | 71.42% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 263.78 Gb Free Space | 56.65% Space Free | Partition Type: NTFS

Computer Name: JUANSBEAST | User Name: Juan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/11 17:02:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Juan\Desktop\OTL.exe
PRC - [2013/11/11 16:44:52 | 000,033,818 | ---- | M] (Microsoft Corporation) -- C:\Users\Juan\AppData\Local\Temp\RegSvcs.exe
PRC - [2013/11/05 23:57:43 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe
PRC - [2013/10/10 13:57:30 | 001,141,328 | ---- | M] (BitTorrent Inc.) -- C:\Users\Juan\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/08/08 17:17:52 | 003,101,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
PRC - [2012/07/16 21:01:20 | 000,658,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
PRC - [2012/07/12 16:36:06 | 003,984,032 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
PRC - [2012/03/13 11:34:12 | 002,935,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2012/02/02 14:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
PRC - [2011/09/08 20:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/11 16:59:44 | 000,143,872 | ---- | M] () -- C:\Users\Juan\AppData\Local\Temp\BridJExtractedLibraries6657907933462954121\bridj.dll
MOD - [2013/11/11 16:59:44 | 000,056,510 | ---- | M] () -- C:\Users\Juan\AppData\Local\Temp\JNativeHook_4697570738310298803.dll
MOD - [2013/11/11 16:59:44 | 000,048,128 | ---- | M] () -- C:\Users\Juan\AppData\Local\Temp\BridJExtractedLibraries6657907933462954121\OpenIMAJGrabber.dll
MOD - [2013/10/11 21:29:01 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/10/11 21:28:52 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/10/11 21:28:32 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/10/11 19:54:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/11 19:54:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/10/11 19:54:23 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/10/11 19:54:21 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/11 19:54:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/10/11 19:54:16 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/10/08 19:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 19:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 19:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 19:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 19:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 19:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2012/08/15 13:42:40 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
MOD - [2012/07/31 14:21:32 | 000,152,064 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
MOD - [2012/06/22 12:32:10 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\DLCapPP.dll
MOD - [2012/05/02 17:04:30 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\AudioProjection.dll
MOD - [2012/04/25 13:47:54 | 000,659,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\PhoneCtrlAPI.dll
MOD - [2012/04/20 15:24:08 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiMoveHelp.dll
MOD - [2012/01/12 15:44:02 | 000,475,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFiGO_HookKey.dll
MOD - [2011/08/09 13:52:50 | 000,425,984 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\awiscale.dll
MOD - [2010/12/14 16:46:32 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\CoreAudioCap.dll
MOD - [2010/11/04 20:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
MOD - [2009/08/12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/15 14:43:22 | 001,475,744 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2013/10/15 14:24:08 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2013/10/15 14:24:08 | 000,920,736 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe -- (asComSvc)
SRV - [2013/10/15 14:24:08 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/06/12 19:11:22 | 000,303,952 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe -- (WSWUSB6300)
SRV - [2012/09/20 09:00:18 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\Windows\runSW.exe -- (RunSwUSB)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Disabled | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2013/10/10 17:01:04 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/06/24 12:36:12 | 000,420,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2013/06/24 12:36:12 | 000,140,032 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/25 18:18:48 | 002,345,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2013/03/25 18:18:48 | 002,345,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTWlanU.sys -- (RTL8192cu)
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/28 19:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/06/12 21:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/05/31 10:06:14 | 000,032,400 | ---- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2012/05/14 01:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/11 08:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/04/11 08:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/29 08:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE2500w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: James White = C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: YouTube = C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Autocomplete = on = C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WindowsUpdate] C:\Users\Juan\FTZOH\ZEv7G22d.vbe ()
O4 - HKCU..\Run: [File] C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D208E76-EC1A-48FF-BCA0-F861D2BC1919}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{613F64F0-B4E6-4AA4-87E5-D5CBBCB1688C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA2B03EA-D667-4DB6-815B-6213AA7590C7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1E2AB26-47A4-493C-97CA-221B5901B027}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8ab44677-31f7-11e3-92cc-a644df85a930}\Shell - "" = AutoRun
O33 - MountPoints2\{8ab44677-31f7-11e3-92cc-a644df85a930}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/11 17:02:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Juan\Desktop\OTL.exe
[2013/11/11 16:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/11 16:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/11 16:44:48 | 000,000,000 | -H-D | C] -- C:\Users\Juan\FTZOH
[2013/11/11 10:37:35 | 000,000,000 | ---D | C] -- C:\Users\Juan\Desktop\pic_files
[2013/11/11 10:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/11/11 10:30:56 | 000,000,000 | ---D | C] -- C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/11 10:30:49 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Juan\Desktop\revosetup.exe
[2013/11/11 10:27:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/10 14:46:30 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Juan\Desktop\tdsskiller.exe
[2013/11/10 14:44:28 | 000,000,000 | ---D | C] -- C:\Users\Juan\AppData\Roaming\Malwarebytes
[2013/11/10 14:36:26 | 000,000,000 | ---D | C] -- C:\Users\Juan\Desktop\SF_10-11-2013
[2013/11/10 01:58:11 | 000,000,000 | ---D | C] -- C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/11/10 01:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2013/11/08 14:38:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/07 21:49:25 | 000,000,000 | ---D | C] -- C:\Users\Juan\AppData\Roaming\Skype
[2013/11/07 21:49:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/07 21:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/07 21:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/07 21:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/11/06 12:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013/11/06 12:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/11/06 12:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/11/06 12:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/11/06 00:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Amigo Setup
[2013/11/06 00:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC Amigo Setup
[2013/11/06 00:00:40 | 000,000,000 | ---D | C] -- C:\Users\Juan\jagexcache5
[2013/11/06 00:00:40 | 000,000,000 | ---D | C] -- C:\Users\Juan\jagexcache4
[2013/11/06 00:00:40 | 000,000,000 | ---D | C] -- C:\Users\Juan\jagexcache3
[2013/11/06 00:00:40 | 000,000,000 | ---D | C] -- C:\Users\Juan\jagexcache2
[2013/11/06 00:00:40 | 000,000,000 | ---D | C] -- C:\Users\Juan\jagexcache1
[2013/11/05 23:58:46 | 000,000,000 | ---D | C] -- C:\Users\Juan\jagexcache
[2013/11/05 23:58:36 | 000,000,000 | ---D | C] -- C:\Users\Juan\AppData\Roaming\.tribot
[2013/11/05 23:58:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/11/05 23:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/05 23:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/05 23:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/05 23:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/05 23:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/05 23:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/10/16 16:41:38 | 000,000,000 | ---D | C] -- C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Theme Resource Changer X64 v1.0
[2013/10/16 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Theme Resource Changer
[2013/10/16 16:37:51 | 000,000,000 | ---D | C] -- C:\Users\Juan\Desktop\black seven original
[2013/10/16 16:37:51 | 000,000,000 | ---D | C] -- C:\Users\Juan\Desktop\black blue 4
[2013/10/16 16:27:11 | 000,000,000 | ---D | C] -- C:\Users\Juan\Desktop\windows 7 themes alien tech (red)
[2013/10/15 18:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2013/10/15 18:31:46 | 000,430,080 | ---- | C] (Realtek) -- C:\Windows\SwUSB.exe
[2013/10/15 18:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linksys WUSB6300
[2013/10/15 15:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2013/10/15 15:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2013/10/15 14:48:23 | 000,046,152 | ---- | C] (MCCI Corporation) -- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
[2013/10/15 14:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2013/10/15 14:45:37 | 000,032,400 | ---- | C] (NT Kernel Resources) -- C:\Windows\SysNative\drivers\ndisrd.sys
[2013/10/15 14:43:49 | 000,014,848 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\drivers\AiChargerPlus.sys
[2013/10/15 14:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/10/15 14:30:57 | 000,726,160 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/10/15 14:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/10/15 14:24:37 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2013/10/15 14:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013/10/15 14:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/10/15 14:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2013/10/15 14:24:08 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2013/10/15 14:24:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\MFDLL
[2013/10/15 14:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013/10/13 17:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013/10/13 17:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2013/10/13 17:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/10/13 17:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013/10/13 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013/10/13 17:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2013/10/13 14:41:42 | 000,240,248 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\wpcap.dll
[2013/10/13 14:41:42 | 000,088,704 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\packet.dll
[2013/10/13 14:41:42 | 000,068,224 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\WanPacket.dll
[2013/10/13 14:41:42 | 000,040,464 | ---- | C] (CACE Technologies) -- C:\Windows\SysNative\drivers\npf.sys
[2013/10/10 13:57:28 | 000,844,752 | ---- | C] (Google Inc.) -- C:\Users\Juan\AppData\Roaming\mhost.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Juan\AppData\Roaming\*.tmp files -> C:\Users\Juan\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/11 17:04:29 | 000,047,860 | ---- | M] () -- C:\Users\Juan\AppData\Roaming\user
[2013/11/11 17:02:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Juan\Desktop\OTL.exe
[2013/11/11 16:59:43 | 001,576,359 | ---- | M] () -- C:\Users\Juan\AppData\Roaming\File.jar
[2013/11/11 16:59:21 | 000,157,240 | ---- | M] () -- C:\Users\Juan\Desktop\JavaRa-2.3.zip
[2013/11/11 16:52:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/11 16:33:00 | 000,000,043 | ---- | M] () -- C:\Users\Juan\jagex_cl_oldschool_LIVE.dat
[2013/11/11 16:33:00 | 000,000,000 | R--- | M] () -- C:\Users\Juan\random.dat
[2013/11/11 16:31:08 | 001,590,880 | ---- | M] () -- C:\Users\Juan\jbytstvjz.jar
[2013/11/11 16:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/11 15:35:00 | 000,040,508 | ---- | M] () -- C:\Users\Juan\Desktop\amazon.png
[2013/11/11 13:35:34 | 001,590,880 | ---- | M] () -- C:\Users\Juan\rutyqyi.jar
[2013/11/11 13:34:25 | 001,590,880 | ---- | M] () -- C:\Users\Juan\osshytnks.jar
[2013/11/11 13:20:08 | 000,231,708 | ---- | M] () -- C:\Users\Juan\onbsgsna.jar
[2013/11/11 13:15:50 | 000,173,281 | ---- | M] () -- C:\Users\Juan\KWKMV
[2013/11/11 13:03:26 | 000,231,708 | ---- | M] () -- C:\Users\Juan\xopjvgjxw.jar
[2013/11/11 13:02:56 | 000,231,708 | ---- | M] () -- C:\Users\Juan\vembasibipg.jar
[2013/11/11 13:02:38 | 000,231,708 | ---- | M] () -- C:\Users\Juan\rpzaqtvm.jar
[2013/11/11 13:02:29 | 000,231,708 | ---- | M] () -- C:\Users\Juan\swbzigv.jar
[2013/11/11 12:02:00 | 000,026,982 | ---- | M] () -- C:\Users\Juan\Desktop\[HorribleSubs] Magi S2 - 06 [720p].mkv.torrent
[2013/11/11 11:03:12 | 000,048,621 | ---- | M] () -- C:\Users\Juan\Desktop\TRiBot.jar
[2013/11/11 10:37:43 | 002,430,774 | ---- | M] () -- C:\Users\Juan\Desktop\photo.JPG
[2013/11/11 10:37:35 | 000,289,859 | ---- | M] () -- C:\Users\Juan\Desktop\pic.htm
[2013/11/11 10:30:56 | 000,001,306 | ---- | M] () -- C:\Users\Juan\Desktop\Revo Uninstaller.lnk
[2013/11/11 10:30:50 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Juan\Desktop\revosetup.exe
[2013/11/11 10:22:07 | 000,056,268 | ---- | M] () -- C:\Users\Juan\Desktop\nov.png
[2013/11/11 10:21:07 | 000,067,137 | ---- | M] () -- C:\Users\Juan\Desktop\oct.png
[2013/11/11 07:38:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/11 03:23:01 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 03:23:01 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 03:20:04 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/11 03:20:04 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/11 03:20:04 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/11 03:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/11 03:15:55 | 4216,602,622 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/10 19:32:05 | 000,021,504 | ---- | M] () -- C:\Users\Juan\YMQGIX
[2013/11/10 19:32:04 | 001,523,353 | ---- | M] () -- C:\Users\Juan\5Prg.vbe
[2013/11/10 19:31:49 | 000,237,124 | ---- | M] () -- C:\Users\Juan\VZYQC
[2013/11/10 19:31:47 | 000,466,952 | ---- | M] () -- C:\Users\Juan\VBEBE
[2013/11/10 19:30:46 | 000,236,445 | -H-- | M] () -- C:\Users\Juan\HWBJD
[2013/11/10 14:46:37 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Juan\Desktop\tdsskiller.exe
[2013/11/10 14:39:14 | 000,354,614 | ---- | M] () -- C:\Users\Juan\Desktop\magepker.rar
[2013/11/10 14:35:19 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx
[2013/11/10 14:35:09 | 000,221,159 | ---- | M] () -- C:\Users\Juan\Desktop\SF_Diagnostic_Tool.zip
[2013/11/10 14:30:15 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2013/11/10 12:14:40 | 000,147,955 | ---- | M] () -- C:\Users\Juan\Desktop\pp trans.png
[2013/11/10 11:29:25 | 000,008,389 | ---- | M] () -- C:\Users\Juan\Desktop\Grave Digger.zip
[2013/11/10 11:28:56 | 000,006,827 | ---- | M] () -- C:\Users\Juan\Desktop\DG's BONER .rar
[2013/11/10 01:58:03 | 000,141,480 | ---- | M] () -- C:\Users\Juan\Desktop\bluescreenview_setup.exe
[2013/11/10 01:45:06 | 000,025,685 | ---- | M] () -- C:\Users\Juan\Desktop\[HorribleSubs] One Piece - 620 [720p].mkv.torrent
[2013/11/09 15:33:56 | 000,017,574 | ---- | M] () -- C:\Users\Juan\Desktop\The Wolverine 2013 Unleashed Extended BDRip 720p x264 10bit AAC 5.1-MZON3.torrent
[2013/11/07 23:51:57 | 000,000,043 | ---- | M] () -- C:\Users\Juan\jagex_cl_runescape_LIVE.dat
[2013/11/07 21:49:23 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/06 12:51:25 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/06 01:01:31 | 000,038,154 | ---- | M] () -- C:\Users\Juan\Desktop\AIOMagic2.1.zip
[2013/10/20 14:38:06 | 001,442,775 | ---- | M] () -- C:\Users\Juan\Desktop\ravelry_colors_on_black_by_deepbluerenegade-d4v68dz.jpg
[2013/10/16 15:18:43 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/15 15:05:45 | 005,379,904 | ---- | M] () -- C:\Windows\PE_File.dll
[2013/10/15 14:30:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_M5A97 R2.0.alu
[2013/10/12 20:49:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Juan\AppData\Roaming\*.tmp files -> C:\Users\Juan\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/11 16:59:20 | 000,157,240 | ---- | C] () -- C:\Users\Juan\Desktop\JavaRa-2.3.zip
[2013/11/11 16:52:53 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/11 16:52:00 | 000,002,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/11 16:31:06 | 001,590,880 | ---- | C] () -- C:\Users\Juan\jbytstvjz.jar
[2013/11/11 14:11:56 | 000,040,508 | ---- | C] () -- C:\Users\Juan\Desktop\amazon.png
[2013/11/11 13:35:31 | 001,590,880 | ---- | C] () -- C:\Users\Juan\rutyqyi.jar
[2013/11/11 13:34:22 | 001,590,880 | ---- | C] () -- C:\Users\Juan\osshytnks.jar
[2013/11/11 13:20:07 | 000,231,708 | ---- | C] () -- C:\Users\Juan\onbsgsna.jar
[2013/11/11 13:16:22 | 000,047,490 | ---- | C] () -- C:\Users\Juan\AppData\Roaming\user
[2013/11/11 13:15:50 | 000,173,281 | ---- | C] () -- C:\Users\Juan\KWKMV
[2013/11/11 13:15:47 | 001,523,353 | ---- | C] () -- C:\Users\Juan\5Prg.vbe
[2013/11/11 13:15:47 | 000,466,952 | ---- | C] () -- C:\Users\Juan\VBEBE
[2013/11/11 13:15:47 | 000,237,124 | ---- | C] () -- C:\Users\Juan\VZYQC
[2013/11/11 13:15:47 | 000,236,445 | -H-- | C] () -- C:\Users\Juan\HWBJD
[2013/11/11 13:15:47 | 000,021,504 | ---- | C] () -- C:\Users\Juan\YMQGIX
[2013/11/11 13:03:25 | 000,231,708 | ---- | C] () -- C:\Users\Juan\xopjvgjxw.jar
[2013/11/11 13:02:55 | 000,231,708 | ---- | C] () -- C:\Users\Juan\vembasibipg.jar
[2013/11/11 13:02:37 | 000,231,708 | ---- | C] () -- C:\Users\Juan\rpzaqtvm.jar
[2013/11/11 13:02:30 | 001,576,359 | ---- | C] () -- C:\Users\Juan\AppData\Roaming\File.jar
[2013/11/11 13:02:29 | 000,231,708 | ---- | C] () -- C:\Users\Juan\swbzigv.jar
[2013/11/11 12:02:00 | 000,026,982 | ---- | C] () -- C:\Users\Juan\Desktop\[HorribleSubs] Magi S2 - 06 [720p].mkv.torrent
[2013/11/11 11:03:12 | 000,048,621 | ---- | C] () -- C:\Users\Juan\Desktop\TRiBot.jar
[2013/11/11 10:37:42 | 002,430,774 | ---- | C] () -- C:\Users\Juan\Desktop\photo.JPG
[2013/11/11 10:37:34 | 000,289,859 | ---- | C] () -- C:\Users\Juan\Desktop\pic.htm
[2013/11/11 10:30:56 | 000,001,306 | ---- | C] () -- C:\Users\Juan\Desktop\Revo Uninstaller.lnk
[2013/11/11 10:22:07 | 000,056,268 | ---- | C] () -- C:\Users\Juan\Desktop\nov.png
[2013/11/11 10:21:07 | 000,067,137 | ---- | C] () -- C:\Users\Juan\Desktop\oct.png
[2013/11/10 14:39:13 | 000,354,614 | ---- | C] () -- C:\Users\Juan\Desktop\magepker.rar
[2013/11/10 14:35:08 | 000,221,159 | ---- | C] () -- C:\Users\Juan\Desktop\SF_Diagnostic_Tool.zip
[2013/11/10 12:14:40 | 000,147,955 | ---- | C] () -- C:\Users\Juan\Desktop\pp trans.png
[2013/11/10 11:29:24 | 000,008,389 | ---- | C] () -- C:\Users\Juan\Desktop\Grave Digger.zip
[2013/11/10 11:28:56 | 000,006,827 | ---- | C] () -- C:\Users\Juan\Desktop\DG's BONER .rar
[2013/11/10 01:58:02 | 000,141,480 | ---- | C] () -- C:\Users\Juan\Desktop\bluescreenview_setup.exe
[2013/11/10 01:45:06 | 000,025,685 | ---- | C] () -- C:\Users\Juan\Desktop\[HorribleSubs] One Piece - 620 [720p].mkv.torrent
[2013/11/09 15:33:56 | 000,017,574 | ---- | C] () -- C:\Users\Juan\Desktop\The Wolverine 2013 Unleashed Extended BDRip 720p x264 10bit AAC 5.1-MZON3.torrent
[2013/11/07 23:51:57 | 000,000,043 | ---- | C] () -- C:\Users\Juan\jagex_cl_runescape_LIVE.dat
[2013/11/07 21:49:23 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/06 12:51:25 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/06 01:01:31 | 000,038,154 | ---- | C] () -- C:\Users\Juan\Desktop\AIOMagic2.1.zip
[2013/11/05 23:58:46 | 000,000,043 | ---- | C] () -- C:\Users\Juan\jagex_cl_oldschool_LIVE.dat
[2013/11/05 23:58:46 | 000,000,000 | R--- | C] () -- C:\Users\Juan\random.dat
[2013/10/20 14:38:06 | 001,442,775 | ---- | C] () -- C:\Users\Juan\Desktop\ravelry_colors_on_black_by_deepbluerenegade-d4v68dz.jpg
[2013/10/15 18:31:46 | 000,036,864 | ---- | C] () -- C:\Windows\runSW.exe
[2013/10/15 14:30:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_M5A97 R2.0.alu
[2013/10/15 14:26:43 | 000,000,000 | ---- | C] () -- C:\Windows\Path.idx
[2013/10/15 14:26:19 | 005,379,904 | ---- | C] () -- C:\Windows\PE_File.dll
[2013/10/15 14:25:44 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2013/10/15 14:25:02 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2013/10/15 14:24:08 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/10/15 14:24:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/10/15 14:24:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013/10/13 14:41:42 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/10/12 20:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/10/11 20:17:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/10/10 14:46:50 | 000,000,037 | -HS- | C] () -- C:\Users\Juan\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/10/10 14:18:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/10/10 14:06:06 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/10/10 14:06:05 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/10/10 14:06:05 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/11 12:49:59 | 000,000,000 | ---D | M] -- C:\Users\Juan\AppData\Roaming\.tribot
[2013/11/11 17:03:21 | 000,000,000 | ---D | M] -- C:\Users\Juan\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

Here are the extras:

OTL Extras logfile created on: 11/11/2013 5:03:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Juan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.90 Gb Total Physical Memory | 12.90 Gb Available Physical Memory | 81.14% Memory free
31.80 Gb Paging File | 28.66 Gb Available in Paging File | 90.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 23.16 Gb Free Space | 19.44% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.42 Mb Free Space | 71.42% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 263.78 Gb Free Space | 56.65% Space Free | Partition Type: NTFS

Computer Name: JUANSBEAST | User Name: Juan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe:*:Enabled:Windows Messanger -- (Google Inc.)
"C:\Users\Juan\AppData\Roaming\mhost.exe" = C:\Users\Juan\AppData\Roaming\mhost.exe:*:Enabled:Windows Messanger -- (Google Inc.)
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe:*:Enabled:Windows Messanger -- (Google Inc.)
"C:\Users\Juan\AppData\Roaming\mhost.exe" = C:\Users\Juan\AppData\Roaming\mhost.exe:*:Enabled:Windows Messanger -- (Google Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C0A6F4-5A13-48AD-A21C-AD4920B888C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A618B61-E9B7-4893-AD0F-01A2746F203B}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B7988C3-DF5C-4DCE-A1D7-1EAECB99E239}" = rport=137 | protocol=17 | dir=out | app=system |
"{53566748-CD9F-4BA2-A4E0-DA0F4144FCCC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66973355-ECC7-415F-95F6-1957628A2660}" = lport=445 | protocol=6 | dir=in | app=system |
"{674C2532-FC6F-4914-8CB9-2A3F4F17E26B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B06CC53-E105-433E-8F53-31B849E7EC19}" = lport=138 | protocol=17 | dir=in | app=system |
"{74BD21F8-0506-468D-9E2F-74A97A5D0BAF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77F7BF35-66E8-44DA-8A27-D6ABC849F147}" = lport=137 | protocol=17 | dir=in | app=system |
"{87CBBC2E-680F-49EF-BD47-6D5D3175D72E}" = lport=1900 | protocol=17 | dir=in | name=upnp udp 1900 |
"{881EBFBD-28AF-490F-AC4B-3C26197573A8}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp 2869 |
"{933B70E7-1DC8-462D-885D-A84B73507E76}" = lport=1900 | protocol=17 | dir=in | name=upnp udp 1900 |
"{9769318A-33E8-49DF-9FC1-798FF8388155}" = rport=139 | protocol=6 | dir=out | app=system |
"{B745DF66-B779-4EEA-8B05-1B2377A835C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA267103-7FCD-4BF7-8469-36F068E3144B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF98D177-AE2B-4732-8CB5-73786FF527AB}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp 2869 |
"{E579A228-0318-4A30-A86C-BE324866336D}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD28A52B-72BF-45A3-8258-8D5A5F715CFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015151CB-2A5E-4EB1-A4DD-1F67696C8495}" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\assassins creed\assassinscreed_dx9.exe |
"{0321378E-8AE2-478A-ABE2-82E0EE11A8EB}" = protocol=17 | dir=in | app=f:\nba2k14.exe |
"{03E92173-8782-4BC0-98F4-FE1783F6799E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nmrih\sdk\bin\hammer.bat |
"{056AB43A-940E-4191-84F9-0C278C0A69BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E58454A-40B9-4001-AF02-5419CB5FA014}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{0F25FBEE-3EDD-475D-8222-FCAB5398EB48}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1273FBC4-F4CD-4D91-A267-E2DFA4D1F222}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1E6545C6-F56B-46F1-9490-563708208B4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1FD41054-3F48-44B0-8DB9-075170625A76}" = protocol=1 | dir=out | [email protected],-28544 |
"{261398B8-0A49-47C2-A7B1-ECCB83F7DE53}" = protocol=6 | dir=in | app=c:\users\juan\appdata\roaming\utorrent\utorrent.exe |
"{2DCC0396-DA7B-480A-9A17-CD6772D55517}" = protocol=17 | dir=in | app=c:\users\juan\appdata\roaming\utorrent\utorrent.exe |
"{2F05B4BB-A66A-40D8-8F21-811F0D0E03D1}" = protocol=6 | dir=in | app=f:\sftk.exe |
"{36276097-EFE1-496C-A26C-90B311D28026}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D1E02C8-9745-448F-8BBC-E5A7FA18F7C0}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\remote go!\assisttools\wifi go! server.exe |
"{416DF442-C95C-494E-8F61-772B45E42CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\assassins creed\assassinscreed_dx10.exe |
"{454EC845-558F-4D0B-8799-D8D91FB7D4D0}" = protocol=17 | dir=in | app=f:\sftk.exe |
"{4905889A-EE11-474D-899E-235D5D8F7AAA}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\remote go!\assisttools\wifi go! server.exe |
"{545A2362-A766-4342-A830-5EE3FE9CEDF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5BC361E3-16A2-4C13-AE59-59D073D4F67D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nmrih\sdk\bin\hammer.bat |
"{760F5A38-AA76-4DE6-84FC-8C5DAA56E6AA}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{921B1E5C-7294-4250-B40B-8EAF55CFFDA6}" = protocol=1 | dir=in | [email protected],-28543 |
"{9227FFE7-B8BB-48A6-92E1-E84F54AC5EC7}" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\assassins creed\assassinscreed_dx10.exe |
"{984C0EFB-55E7-4E92-8F73-5C0C8134CD55}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2560FF9-26C3-41B5-A341-9DEE98F25AC8}" = protocol=58 | dir=in | [email protected],-28545 |
"{B2E0670A-BF06-4A93-86FE-114288AFCAD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B54118E1-4236-4203-A67B-0DB350A12F99}" = protocol=58 | dir=out | [email protected],-28546 |
"{B6AA1B6C-535E-4C96-93E2-170913CE9526}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC197E71-9F77-42E4-9648-F0F90BFFB245}" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\assassins creed\assassinscreed_dx9.exe |
"{DF743245-CD16-41D8-87C3-97AE31C4A440}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nmrih\sdk\hl2.exe |
"{E17EAB91-7D18-4ED8-A5CD-302CC86481E3}" = protocol=6 | dir=in | app=f:\nba2k14.exe |
"{FB36C229-07DF-42F8-BB09-B19FAD8B127A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nmrih\sdk\hl2.exe |
"TCP Query User{D86DD831-FFFF-4286-AE22-405AF8759E0D}C:\users\juan\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\juan\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{7233CD37-3184-463E-A780-3AD401F11759}C:\users\juan\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\juan\appdata\roaming\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1" = FINAL FANTASY VII
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9ADF8D-9160-418A-97DD-5E636AE9E652}_is1" = original theme
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}" = inSSIDer 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AD492C53-49D3-30A1-837C-16E039DEC8C9}" = Google Chrome
"{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}" = Linksys Dual Band Wireless-AC USB Adapter
"{CB2E4D17-10DA-4368-AA26-ED63BF57C177}" = VLC Amigo Setup
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASIO4ALL" = ASIO4ALL
"Assassin's Creed_is1" = Assassin's Creed
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Revo Uninstaller" = Revo Uninstaller 1.95
"SpeedFan" = SpeedFan (remove only)
"Steam App 224260" = No More Room in [bleep]
"VLC media player" = VLC media player 2.1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2013 6:37:24 PM | Computer Name = JuansBeast | Source = Application Hang | ID = 1002
Description = The program java.exe version 7.0.450.18 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1118 Start Time:
01cede54a6b1fa74 Termination Time: 38 Application Path: C:\Program Files (x86)\Java\jre7\bin\java.exe

Report
Id: aa3f605b-4a58-11e3-8c33-60a44c5ad54f

Error - 11/10/2013 6:41:04 PM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: TurboVHelp.exe, version: 1.0.1.36, time
stamp: 0x00000000 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting
process id: 0xbe0 Faulting application start time: 0x01cede65eed91eaa Faulting application
path: C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 2e42827b-4a59-11e3-af9e-60a44c5ad54f

Error - 11/10/2013 6:41:08 PM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp:
0x00000000 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp:
0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting process id:
0xa98 Faulting application start time: 0x01cede65f2216fbc Faulting application path:
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 303902a6-4a59-11e3-af9e-60a44c5ad54f

Error - 11/10/2013 6:41:14 PM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: AI Suite II.exe, version: 2.0.0.0, time
stamp: 0x00000000 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting
process id: 0xd4c Faulting application start time: 0x01cede65f3f943e5 Faulting application
path: C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe Faulting module path:
C:\Windows\syswow64\KERNELBASE.dll Report Id: 33c82a2e-4a59-11e3-af9e-60a44c5ad54f

Error - 11/11/2013 8:38:05 AM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: TurboVHelp.exe, version: 1.0.1.36, time
stamp: 0x00000000 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting
process id: 0xba4 Faulting application start time: 0x01cededadc42d8b7 Faulting application
path: C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 1bbb5088-4ace-11e3-91d5-60a44c5ad54f

Error - 11/11/2013 8:38:07 AM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp:
0x00000000 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp:
0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting process id:
0xc58 Faulting application start time: 0x01cededadf58ee14 Faulting application path:
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 1d3f8537-4ace-11e3-91d5-60a44c5ad54f

Error - 11/11/2013 8:38:14 AM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: AI Suite II.exe, version: 2.0.0.0, time
stamp: 0x00000000 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting
process id: 0xcac Faulting application start time: 0x01cededae26464be Faulting application
path: C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe Faulting module path:
C:\Windows\syswow64\KERNELBASE.dll Report Id: 21a8bc40-4ace-11e3-91d5-60a44c5ad54f

Error - 11/11/2013 11:24:36 AM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_ASUS AI Suite II, version: 2.0.1.0,
time stamp: 0x506a8088 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting
process id: 0xf94 Faulting application start time: 0x01cedef2201c6f7f Faulting application
path: C:\ProgramData\ASUS\AI Suite II\Setup.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 5f65f734-4ae5-11e3-91d5-60a44c5ad54f

Error - 11/11/2013 11:24:43 AM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_ASUS AI Suite II, version: 2.0.1.0,
time stamp: 0x506a8088 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting
process id: 0x1348 Faulting application start time: 0x01cedef22493896c Faulting application
path: C:\ProgramData\ASUS\AI Suite II\Setup.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 63381c27-4ae5-11e3-91d5-60a44c5ad54f

Error - 11/11/2013 11:32:28 AM | Computer Name = JuansBeast | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_ASUS AI Suite II, version: 2.0.1.0,
time stamp: 0x506a8088 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1116 Exception code: 0x0eedfade Fault offset: 0x0000c41f Faulting
process id: 0x93c Faulting application start time: 0x01cedef339a99e01 Faulting application
path: C:\ProgramData\ASUS\AI Suite II\Setup.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 78bb9a25-4ae6-11e3-91d5-60a44c5ad54f

[ System Events ]
Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = DCOM | ID = 10005
Description =

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = DCOM | ID = 10005
Description =

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/10/2013 3:28:52 PM | Computer Name = JuansBeast | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068


< End of report >

Any help would be greatly appreciated. Thanks.

#2
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.

:OTL
O4 - HKLM..\Run: [WindowsUpdate] C:\Users\Juan\FTZOH\ZEv7G22d.vbe ()
O4 - HKCU..\Run: [File] C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)
[2013/11/11 16:59:43 | 001,576,359 | ---- | M] () -- C:\Users\Juan\AppData\Roaming\File.jar
[2013/11/11 16:31:08 | 001,590,880 | ---- | M] () -- C:\Users\Juan\jbytstvjz.jar
[2013/11/11 13:35:34 | 001,590,880 | ---- | M] () -- C:\Users\Juan\rutyqyi.jar
[2013/11/11 13:34:25 | 001,590,880 | ---- | M] () -- C:\Users\Juan\osshytnks.jar
[2013/11/11 13:20:08 | 000,231,708 | ---- | M] () -- C:\Users\Juan\onbsgsna.jar
[2013/11/11 13:15:50 | 000,173,281 | ---- | M] () -- C:\Users\Juan\KWKMV
[2013/11/11 13:03:26 | 000,231,708 | ---- | M] () -- C:\Users\Juan\xopjvgjxw.jar
[2013/11/11 13:02:56 | 000,231,708 | ---- | M] () -- C:\Users\Juan\vembasibipg.jar
[2013/11/11 13:02:38 | 000,231,708 | ---- | M] () -- C:\Users\Juan\rpzaqtvm.jar
[2013/11/11 13:02:29 | 000,231,708 | ---- | M] () -- C:\Users\Juan\swbzigv.jar
[2013/11/11 11:03:12 | 000,048,621 | ---- | M] () -- C:\Users\Juan\Desktop\TRiBot.jar
[2013/11/10 19:32:05 | 000,021,504 | ---- | M] () -- C:\Users\Juan\YMQGIX
[2013/11/10 19:32:04 | 001,523,353 | ---- | M] () -- C:\Users\Juan\5Prg.vbe
[2013/11/10 19:31:49 | 000,237,124 | ---- | M] () -- C:\Users\Juan\VZYQC
[2013/11/10 19:31:47 | 000,466,952 | ---- | M] () -- C:\Users\Juan\VBEBE
[2013/11/10 19:30:46 | 000,236,445 | -H-- | M] () -- C:\Users\Juan\HWBJD
[2013/11/11 16:31:06 | 001,590,880 | ---- | C] () -- C:\Users\Juan\jbytstvjz.jar
[2013/11/11 13:35:31 | 001,590,880 | ---- | C] () -- C:\Users\Juan\rutyqyi.jar
[2013/11/11 13:34:22 | 001,590,880 | ---- | C] () -- C:\Users\Juan\osshytnks.jar
[2013/11/11 13:20:07 | 000,231,708 | ---- | C] () -- C:\Users\Juan\onbsgsna.jar
[2013/11/11 13:15:50 | 000,173,281 | ---- | C] () -- C:\Users\Juan\KWKMV
[2013/11/11 13:15:47 | 001,523,353 | ---- | C] () -- C:\Users\Juan\5Prg.vbe
[2013/11/11 13:15:47 | 000,466,952 | ---- | C] () -- C:\Users\Juan\VBEBE
[2013/11/11 13:15:47 | 000,237,124 | ---- | C] () -- C:\Users\Juan\VZYQC
[2013/11/11 13:15:47 | 000,236,445 | -H-- | C] () -- C:\Users\Juan\HWBJD
[2013/11/11 13:15:47 | 000,021,504 | ---- | C] () -- C:\Users\Juan\YMQGIX
[2013/11/11 13:03:25 | 000,231,708 | ---- | C] () -- C:\Users\Juan\xopjvgjxw.jar
[2013/11/11 13:02:55 | 000,231,708 | ---- | C] () -- C:\Users\Juan\vembasibipg.jar
[2013/11/11 13:02:37 | 000,231,708 | ---- | C] () -- C:\Users\Juan\rpzaqtvm.jar
[2013/11/11 13:02:30 | 001,576,359 | ---- | C] () -- C:\Users\Juan\AppData\Roaming\File.jar
[2013/11/11 13:02:29 | 000,231,708 | ---- | C] () -- C:\Users\Juan\swbzigv.jar
[2013/10/10 14:46:50 | 000,000,037 | -HS- | C] () -- C:\Users\Juan\AppData\Local\70149b02515b3bb20dd492.47983420

:Files
C:\Users\Juan\AppData\Local\Temp\BridJExtractedLibraries6657907933462954121\bridj.dll
C:\Users\Juan\AppData\Local\Temp\JNativeHook_4697570738310298803.dll
C:\Users\Juan\AppData\Local\Temp\BridJExtractedLibraries6657907933462954121\OpenIMAJGrabber.dll
C:\Users\Juan\AppData\Local\Temp\RegSvcs.exe

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that OldTimer is now hiding the log in c:\_OTL\MovedFiles\11112013-some number.log, so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click Save Log; save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save Log, save it to your desktop and post it in your next reply.

ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

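An added example, not from this thread and not OTL's own code: the fix script above is assembled from a handful of indicators, and those indicators can be written down as triage logic. The Python below parses O4 autorun lines and OTL file-listing lines in the shapes quoted in this thread (the line formats are an assumption taken from those quotes, not OTL's full output grammar) and flags the pattern the fix targets: files dropped straight into the user profile or a made-up subfolder, random-looking names, .jar/.vbe payloads, the hidden attribute, a Run value named like a Windows component that runs from the profile, and a Run value that points at a bare javaw.exe (OTL prints only the image, so the File.jar argument that actually runs stays out of sight). The sample lines are constructed to mirror the fix list, with two benign entries as controls. The two Temp DLLs in the :Files section are also worth knowing: JNativeHook is a global keyboard and mouse hooking library for Java, and OpenIMAJGrabber (loaded through BridJ) captures webcam frames, which fits the keylogging the original poster suspected.

```python
"""Triage of OTL autorun (O4) and file-listing lines for the dropper pattern in this
thread: a Java/VBE payload in the user profile plus a Run value that launches it."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample (not the live log): the O4 and profile lines mirror the fix
# above; jusched.exe and WindowsAccessBridge-32.dll are benign controls.
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [WindowsUpdate] C:\Users\Juan\FTZOH\ZEv7G22d.vbe ()
O4 - HKCU..\Run: [File] C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
[2013/11/11 16:59:43 | 001,576,359 | ---- | M] () -- C:\Users\Juan\AppData\Roaming\File.jar
[2013/11/11 16:31:08 | 001,590,880 | ---- | M] () -- C:\Users\Juan\jbytstvjz.jar
[2013/11/11 13:15:50 | 000,173,281 | ---- | M] () -- C:\Users\Juan\KWKMV
[2013/11/10 19:30:46 | 000,236,445 | -H-- | M] () -- C:\Users\Juan\HWBJD
[2013/11/11 11:03:12 | 000,048,621 | ---- | M] () -- C:\Users\Juan\Desktop\TRiBot.jar
[2013/11/06 04:57:00 | 000,096,168 | ---- | M] () -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
"""

# Line shapes as quoted in the thread (an assumption, not OTL's full output grammar).
AUTORUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \([^)]*\)$")
FILE_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (?P<attr>\S{4}) \| [MC]\] \(\) -- (?P<path>.+)$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\(?P<rest>.+)$", re.IGNORECASE)
STANDARD_PROFILE_DIRS = {"desktop", "documents", "downloads", "pictures", "music", "videos", "appdata"}
PAYLOAD_EXTS = {".jar", ".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".scr"}
INTERPRETERS = {"javaw.exe", "java.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
LOOKALIKE_WORDS = ("windows", "microsoft", "update", "svchost", "security")

@dataclass
class Finding:
    kind: str      # "autorun" or "file"
    path: str
    reasons: list = field(default_factory=list)  # empty means nothing suspicious

def looks_random(stem: str) -> bool:
    """Vowel-starved or letter/digit-interleaved names (jbytstvjz, KWKMV, ZEv7G22d)."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 4:
        return False
    if sum(c.lower() in "aeiouy" for c in letters) / len(letters) < 0.2:
        return True
    return re.search(r"[A-Za-z]\d+[A-Za-z]", stem) is not None

def profile_reasons(path: str) -> list:
    """Profile root, made-up subfolder, or a loose file in AppData\\Roaming."""
    m = PROFILE_RE.match(path)
    if not m:
        return []
    comps = m.group("rest").split("\\")
    if len(comps) == 1:
        return ["file dropped directly in the user profile root"]
    if comps[0].lower() not in STANDARD_PROFILE_DIRS:
        return [f"non-standard profile subfolder '{comps[0]}'"]
    if [c.lower() for c in comps[:2]] == ["appdata", "roaming"] and len(comps) == 3:
        return ["loose file directly in AppData\\Roaming (no vendor folder)"]
    return []

def path_reasons(path: str) -> list:
    """Indicators that apply to any path, whether from a Run value or a file listing."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    reasons = profile_reasons(path)
    if looks_random(stem):
        reasons.append(f"random-looking name '{stem}{ext}'")
    if ext.lower() in PAYLOAD_EXTS:
        reasons.append(f"script/archive payload extension '{ext}'")
    elif ext == "" and PROFILE_RE.match(path):
        reasons.append("extensionless file in the user profile")
    return reasons

def autorun_reasons(name: str, path: str) -> list:
    """Run-value checks layered on top of the path checks."""
    reasons = path_reasons(path)
    image = ntpath.basename(path).lower()
    if image in INTERPRETERS:
        # OTL prints only the image, so a Run value pointing at a bare interpreter
        # keeps its real payload (here File.jar) in an argument you cannot see.
        reasons.append(f"Run value launches a bare interpreter ({image}); payload is the hidden argument")
    if PROFILE_RE.match(path) and any(w in name.lower() for w in LOOKALIKE_WORDS):
        reasons.append(f"Run value '{name}' mimics a Windows component but runs from the user profile")
    return reasons

def triage(log_text: str) -> list:
    """Parse O4 and file-listing lines into Findings; any other line is ignored."""
    findings = []
    for line in log_text.strip().splitlines():
        if (m := AUTORUN_RE.match(line.strip())):
            findings.append(Finding("autorun", m["path"], autorun_reasons(m["name"], m["path"])))
        elif (m := FILE_RE.match(line.strip())):
            reasons = path_reasons(m["path"]) + (["hidden attribute set"] if "H" in m["attr"] else [])
            findings.append(Finding("file", m["path"], reasons))
    return findings

def suspicious_paths(log_text: str) -> list:
    """Paths carrying at least one indicator, most indicators first."""
    flagged = sorted((f for f in triage(log_text) if f.reasons), key=lambda f: -len(f.reasons))
    return [f.path for f in flagged]

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print("SUSPICIOUS" if f.reasons else "ok        ", f.kind, f.path, *("\n    - " + r for r in f.reasons))
```

Run as-is to print a verdict per sample line, or feed triage() the O4 and file sections of a real OTL log. The vowel-ratio and profile-location heuristics will mis-fire on legitimately terse names and on software that installs itself oddly, so treat the output as a shortlist for a human to check against the rest of the log, not as a ready-made fix list.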

#3
Gabriel1
    Member
  • Topic Starter
  • Member
  • 156 posts
I'll post separate times for each log to not get confused:

OTL:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsUpdate not found.
File C:\Users\Juan\FTZOH\ZEv7G22d.vbe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\File not found.
C:\Program Files (x86)\Java\jre7\bin\javaw.exe moved successfully.
C:\Users\Juan\AppData\Roaming\File.jar moved successfully.
C:\Users\Juan\jbytstvjz.jar moved successfully.
C:\Users\Juan\rutyqyi.jar moved successfully.
C:\Users\Juan\osshytnks.jar moved successfully.
C:\Users\Juan\onbsgsna.jar moved successfully.
C:\Users\Juan\KWKMV moved successfully.
C:\Users\Juan\xopjvgjxw.jar moved successfully.
C:\Users\Juan\vembasibipg.jar moved successfully.
C:\Users\Juan\rpzaqtvm.jar moved successfully.
C:\Users\Juan\swbzigv.jar moved successfully.
C:\Users\Juan\Desktop\TRiBot.jar moved successfully.
C:\Users\Juan\YMQGIX moved successfully.
File C:\Users\Juan\5Prg.vbe not found.
C:\Users\Juan\VZYQC moved successfully.
C:\Users\Juan\VBEBE moved successfully.
C:\Users\Juan\HWBJD moved successfully.
File C:\Users\Juan\jbytstvjz.jar not found.
File C:\Users\Juan\rutyqyi.jar not found.
File C:\Users\Juan\osshytnks.jar not found.
File C:\Users\Juan\onbsgsna.jar not found.
File C:\Users\Juan\KWKMV not found.
File C:\Users\Juan\5Prg.vbe not found.
File C:\Users\Juan\VBEBE not found.
File C:\Users\Juan\VZYQC not found.
File C:\Users\Juan\HWBJD not found.
File C:\Users\Juan\YMQGIX not found.
File C:\Users\Juan\xopjvgjxw.jar not found.
File C:\Users\Juan\vembasibipg.jar not found.
File C:\Users\Juan\rpzaqtvm.jar not found.
File C:\Users\Juan\AppData\Roaming\File.jar not found.
File C:\Users\Juan\swbzigv.jar not found.
C:\Users\Juan\AppData\Local\70149b02515b3bb20dd492.47983420 moved successfully.
========== FILES ==========
File\Folder C:\Users\Juan\AppData\Local\Temp\BridJExtractedLibraries6657907933462954121\bridj.dll not found.
File\Folder C:\Users\Juan\AppData\Local\Temp\JNativeHook_4697570738310298803.dll not found.
File\Folder C:\Users\Juan\AppData\Local\Temp\BridJExtractedLibraries6657907933462954121\OpenIMAJGrabber.dll not found.
File\Folder C:\Users\Juan\AppData\Local\Temp\RegSvcs.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Juan
->Flash cache emptied: 1132 bytes

User: Oscar
->Flash cache emptied: 867 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Juan
->Java cache emptied: 0 bytes

User: Oscar

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11112013_194938

#4
Gabriel1
    Member
  • Topic Starter
  • Member
  • 156 posts
Fix was not enabled:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-11 19:57:01
-----------------------------
19:57:01.363 OS Version: Windows x64 6.1.7601 Service Pack 1
19:57:01.364 Number of processors: 6 586 0x200
19:57:01.364 ComputerName: JUANSBEAST UserName: Juan
19:57:01.545 Initialize success
19:57:48.025 AVAST engine defs: 13110901
19:57:54.576 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000068
19:57:54.577 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 11
19:57:54.581 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000069
19:57:54.583 Disk 1 Vendor: M4-CT128 040H Size: 122104MB BusType: 11
19:57:54.603 Disk 1 MBR read successfully
19:57:54.604 Disk 1 MBR scan
19:57:54.607 Disk 1 Windows 7 default MBR code
19:57:54.616 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:57:54.639 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
19:57:54.691 Disk 1 scanning C:\Windows\system32\drivers
19:58:00.126 Service scanning
19:58:12.006 Modules scanning
19:58:12.177 AVAST engine scan C:\Windows
19:58:13.413 AVAST engine scan C:\Windows\system32
19:59:46.832 AVAST engine scan C:\Windows\system32\drivers
19:59:52.912 AVAST engine scan C:\Users\Juan
20:00:12.580 File: C:\Users\Juan\Desktop\black blue 4\1.EXTRAS\ThemeResourceChanger\ThemeResourceChangerX64-v10.exe **INFECTED** Win32:Malware-gen
20:00:12.987 File: C:\Users\Juan\Desktop\black blue 4\1.EXTRAS\ThemeResourceChanger\ThemeResourceChangerX86-v10.exe **INFECTED** Win32:Malware-gen
20:00:16.159 File: C:\Users\Juan\Desktop\black seven original\1.EXTRAS\ThemeResourceChangerX64-v10.exe **INFECTED** Win32:Malware-gen
20:00:16.566 File: C:\Users\Juan\Desktop\black seven original\1.EXTRAS\ThemeResourceChangerX86-v10.exe **INFECTED** Win32:Malware-gen
20:00:24.138 AVAST engine scan C:\ProgramData
20:00:26.856 Scan finished successfully
20:02:21.757 Disk 1 MBR has been saved successfully to "C:\Users\Juan\Desktop\MBR.dat"
20:02:21.761 The log file has been saved successfully to "C:\Users\Juan\Desktop\aswMBR.txt"

#5
Gabriel1
    Member
  • Topic Starter
  • Member
  • 156 posts
ComboFix:

ComboFix 13-11-11.01 - Juan 11/11/2013 20:05:15.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16284.14468 [GMT -5:00]
Running from: c:\users\Juan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-10-12 to 2013-11-12 )))))))))))))))))))))))))))))))
.
.
2013-11-12 00:49 . 2013-11-12 00:49 -------- d-----w- C:\_OTL
2013-11-11 23:30 . 2013-11-11 23:30 -------- d-----w- c:\users\Juan\AppData\Local\Mozilla
2013-11-11 23:30 . 2013-11-11 23:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-11 22:45 . 2013-11-12 00:55 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B392505-1B5A-4673-9578-633547874A54}\offreg.dll
2013-11-11 22:31 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-11 22:29 . 2013-11-11 22:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-11-11 22:11 . 2013-11-11 22:11 -------- d-----w- c:\program files (x86)\ESET
2013-11-11 21:51 . 2013-11-11 22:29 -------- d-----w- c:\program files\Microsoft Security Client
2013-11-11 21:44 . 2013-11-11 21:44 25 ----a-w- c:\users\Juan\AppData\Roaming\r58Ies.tmp
2013-11-11 21:44 . 2013-11-11 22:24 -------- d-----w- c:\users\Juan\FTZOH
2013-11-11 15:30 . 2013-11-11 15:30 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-11-10 22:44 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-11-10 22:44 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-11-10 19:44 . 2013-11-10 19:44 -------- d-----w- c:\users\Juan\AppData\Roaming\Malwarebytes
2013-11-10 06:58 . 2013-11-10 06:58 -------- d-----w- c:\program files (x86)\NirSoft
2013-11-08 12:55 . 2013-10-14 07:12 10280728 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA8D6F0-474E-436D-A4EC-1E3574C91FA0}\mpengine.dll
2013-11-08 02:49 . 2013-11-12 00:52 -------- d-----w- c:\users\Juan\AppData\Roaming\Skype
2013-11-08 02:49 . 2013-11-08 02:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-11-08 02:49 . 2013-11-08 02:49 -------- d-----r- c:\program files (x86)\Skype
2013-11-08 02:49 . 2013-11-08 02:49 -------- d-----w- c:\programdata\Skype
2013-11-06 17:51 . 2013-11-06 17:51 -------- d-----w- c:\program files (x86)\dumps
2013-11-06 17:51 . 2013-11-11 03:15 -------- d-----w- c:\program files (x86)\Steam
2013-11-06 17:51 . 2013-11-06 18:20 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-11-06 05:43 . 2013-11-06 05:44 -------- d-----w- c:\program files (x86)\VLC Amigo Setup
2013-11-06 04:58 . 2013-11-06 05:00 -------- d-----w- c:\users\Juan\jagexcache
2013-11-06 04:58 . 2013-11-11 22:24 -------- d-----w- c:\users\Juan\AppData\Roaming\.tribot
2013-11-06 04:58 . 2013-11-06 04:58 -------- d-----w- c:\windows\Sun
2013-11-06 04:58 . 2013-11-06 04:58 -------- d-----w- c:\programdata\Oracle
2013-11-06 04:57 . 2013-11-06 04:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-06 04:57 . 2013-11-06 04:57 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-06 04:57 . 2013-11-06 04:57 -------- d-----w- c:\program files (x86)\Java
2013-11-06 04:57 . 2013-11-06 04:57 -------- d-----w- c:\programdata\McAfee
2013-10-16 21:57 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2013-10-16 21:57 . 2010-11-20 12:21 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2013-10-16 21:41 . 2013-10-16 21:41 -------- d-----w- c:\program files\Theme Resource Changer
2013-10-15 23:46 . 2013-10-15 23:46 -------- d-----w- c:\users\Oscar\AppData\Roaming\2K Sports
2013-10-15 23:31 . 2013-03-25 23:18 2345544 ----a-w- c:\windows\system32\drivers\RTWlanU.sys
2013-10-15 23:31 . 2013-01-21 20:17 430080 ----a-w- c:\windows\SwUSB.exe
2013-10-15 23:31 . 2012-09-20 14:00 36864 ----a-w- c:\windows\runSW.exe
2013-10-15 23:31 . 2011-07-06 12:31 595968 ----a-w- c:\windows\SysWow64\Rtlihvs.dll
2013-10-15 23:31 . 2013-10-15 23:31 -------- d-----w- c:\program files (x86)\Linksys WUSB6300
2013-10-15 20:19 . 2013-10-15 20:19 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-10-15 20:04 . 2013-10-15 20:04 -------- d-----w- c:\programdata\ASUS OC Profiles
2013-10-15 19:48 . 2013-10-15 19:48 -------- d-----w- c:\program files\ASUS
2013-10-15 19:48 . 2011-09-20 16:25 46152 ----a-w- c:\windows\SysWow64\drivers\ASUSFILTER.sys
2013-10-15 19:45 . 2012-05-31 15:06 32400 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2013-10-15 19:43 . 2012-04-19 13:19 14848 ----a-w- c:\windows\SysWow64\drivers\AiChargerPlus.sys
2013-10-15 19:38 . 2013-10-15 19:38 -------- d-----w- c:\program files (x86)\AMD APP
2013-10-15 19:38 . 2012-08-29 00:27 58536 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2013-10-15 19:38 . 2012-04-11 13:40 82560 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2013-10-15 19:38 . 2012-04-11 13:40 42624 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2013-10-15 19:30 . 2012-06-13 02:00 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-10-15 19:30 . 2012-06-13 02:00 726160 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-10-15 19:30 . 2012-06-13 02:00 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-10-15 19:30 . 2013-10-15 19:30 -------- d-----w- c:\program files (x86)\Realtek
2013-10-15 19:26 . 2013-10-15 20:05 5379904 ----a-w- c:\windows\PE_File.dll
2013-10-15 19:25 . 2013-11-10 19:30 1048576 ----a-w- c:\windows\PE_Rom.dll
2013-10-15 19:25 . 2012-10-12 08:59 14464 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2013-10-15 19:24 . 2008-12-03 00:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-10-15 19:24 . 2013-10-15 19:24 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-10-15 19:24 . 2013-11-11 15:34 -------- d-----w- c:\programdata\ASUS
2013-10-15 19:24 . 2013-10-15 19:44 -------- d-----w- c:\program files (x86)\ASUS
2013-10-15 19:24 . 2013-10-15 19:24 -------- d-----w- c:\windows\SysWow64\drivers\MFDLL
2013-10-15 19:24 . 2012-10-12 08:58 15232 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2013-10-15 19:24 . 2012-10-12 08:58 28672 ----a-w- c:\windows\SysWow64\AsIO.dll
2013-10-15 19:24 . 2008-01-04 17:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-10-15 19:24 . 2008-01-04 17:34 10216 ------w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-10-15 19:21 . 2013-10-15 19:21 -------- d-----w- c:\users\Oscar\AppData\Local\Adobe
2013-10-14 19:02 . 2013-10-14 19:02 -------- d-----w- c:\users\Oscar\AppData\Roaming\SynthMaker
2013-10-14 00:11 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-10-14 00:11 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-10-13 23:03 . 2013-10-13 23:03 -------- d-----w- c:\users\Oscar\AppData\Local\Activision
2013-10-13 22:57 . 2013-10-13 22:57 -------- d-----w- c:\users\Oscar\AppData\Roaming\Ubisoft
2013-10-13 22:57 . 2013-10-13 22:57 -------- d-----w- c:\programdata\Ubisoft
2013-10-13 22:57 . 2013-10-13 22:57 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-10-13 22:55 . 2013-10-13 22:55 -------- d-----w- c:\program files (x86)\Activision
2013-10-13 22:55 . 2013-10-13 22:55 -------- d-----w- c:\program files (x86)\GOG.com
2013-10-13 19:41 . 2007-11-06 16:23 40464 ----a-w- c:\windows\system32\drivers\npf.sys
2013-10-13 03:24 . 2013-10-27 00:01 -------- d-----w- c:\users\Oscar\AppData\Roaming\vlc
2013-10-13 01:55 . 2013-10-13 01:55 -------- d-----w- c:\users\Oscar\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 21:57 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2013-10-16 21:57 . 2013-10-10 22:49 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2013-10-16 21:49 . 2013-10-10 22:49 2851840 ----a-w- c:\windows\system32\themeui.dll
2013-10-12 01:34 . 2013-10-12 01:34 16896 ----a-w- c:\windows\AsTaskSched.dll
2013-10-12 01:01 . 2013-10-12 01:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-10-12 01:01 . 2013-10-12 01:01 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-10-12 01:01 . 2013-10-12 01:01 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2013-10-10 23:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-10-10 23:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-10-10 23:06 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2013-10-10 23:06 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2013-10-10 22:01 . 2013-10-10 22:01 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-10-10 19:00 . 2013-10-10 19:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-26 06:46 . 2013-10-10 20:23 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-14 01:10 . 2013-10-11 22:53 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-11 22:53 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-11 22:53 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-11 22:53 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-12 21:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-12 21:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-12 21:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-12 21:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-12 21:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-12 21:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-12 21:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-11 22:53 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-11 22:53 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-11 22:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-11 22:53 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-11 22:53 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-11 22:53 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-11 22:53 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-11 22:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-11 22:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-11 22:53 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-11 22:53 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-11 22:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-11 22:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-11 22:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-11 22:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-11 22:53 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-11 22:53 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-11 22:53 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
R4 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
R4 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [x]
R4 RunSwUSB;RunSwUSB;c:\windows\runSW.exe;c:\windows\runSW.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 WSWUSB6300;WSWUSB6300;c:\program files (x86)\Linksys WUSB6300\WifiSvc.exe;c:\program files (x86)\Linksys WUSB6300\WifiSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys;SysWow64\drivers\AiChargerPlus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 20:15 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10 18:57]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10 18:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Juan\AppData\Roaming\Mozilla\Firefox\Profiles\aecl662i.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-11 20:09:15
ComboFix-quarantined-files.txt 2013-11-12 01:09
.
Pre-Run: 32,700,129,280 bytes free
Post-Run: 33,428,054,016 bytes free
.
- - End Of File - - 19EA6A3332C5103F7854154390B8A7C8
A36C5E4F47E84449FF07ED3517B43A31
  • 0
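The "Reg Loading Points" block of the ComboFix output above records the machine's UAC policy values: EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0. EnableLUA=0 means User Account Control is switched off, so every process the logged-in administrator starts already holds a full administrator token and no elevation prompt is ever shown; that is worth reading alongside the rest of the log. The script below is an added example for this thread, not code from the poster, from ComboFix or from FRST. It parses that block (the excerpt in SAMPLE_LOG is copied from the log above) and reports the unsafe UAC values and the Run-key autostarts. The Windows 7 defaults quoted in the comments, the key names and the helper function names are the editor's own assumptions, not anything stated in the thread.

```python
"""Parse the "Reg Loading Points" block of a ComboFix log and check UAC posture.

Added example for this thread; not code from ComboFix, FRST or the poster.
"""
import re
from typing import Dict, List, Tuple

# Excerpt copied from the ComboFix "Reg Loading Points" block posted above.
# A raw string keeps the registry paths' backslashes intact.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)\s*=\s*(.*)$')   # "Name"=... or @=... (default value)
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$")   # ComboFix prints DWORDs as: 0 (0x0)
STRING_RE = re.compile(r'^"(.*)"(?:\s*\[.*\])?$')         # "path" [date size]

# Registry key that holds the UAC policy values (lower-cased, as the parser stores keys).
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# (value name, predicate that is true when the setting is unsafe, what that means).
# Assumed Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
UAC_CHECKS = [
    ("EnableLUA", lambda v: v == 0,
     "UAC is off: everything the logged-in administrator runs gets a full admin token with no prompt"),
    ("ConsentPromptBehaviorAdmin", lambda v: v == 0,
     "administrators elevate silently instead of being asked for consent"),
    ("PromptOnSecureDesktop", lambda v: v == 0,
     "elevation prompts are drawn on the normal desktop, where other user-mode code can spoof or drive them"),
]


def parse_loading_points(text: str) -> Dict[str, Dict[str, object]]:
    """Return {registry key (lower-cased): {value name: int | str}} from the log text."""
    reg: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            reg.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if not val or current is None:
            continue                      # separator dots, notes, blank lines
        name = val.group(1) if val.group(1) is not None else "(default)"
        rest = val.group(2).strip()
        dword = DWORD_RE.match(rest)
        if dword:
            reg[current][name] = int(dword.group(1))
            continue
        string = STRING_RE.match(rest)
        reg[current][name] = string.group(1) if string else rest
    return reg


def assess_uac(reg: Dict[str, Dict[str, object]]) -> List[Tuple[str, int, str]]:
    """Return (value name, observed value, impact) for each unsafe UAC policy value."""
    policy = reg.get(POLICY_KEY, {})
    findings = []
    for name, unsafe, impact in UAC_CHECKS:
        value = policy.get(name)
        if isinstance(value, int) and unsafe(value):
            findings.append((name, value, impact))
    return findings


def uac_disabled(reg: Dict[str, Dict[str, object]]) -> bool:
    """True when EnableLUA is 0, i.e. UAC is switched off for the whole machine."""
    return reg.get(POLICY_KEY, {}).get("EnableLUA") == 0


def autoruns(reg: Dict[str, Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """(key, value name, command) for every entry under a Run key, i.e. per-logon autostarts."""
    out = []
    for key, values in reg.items():
        if key.endswith(r"\run"):
            out.extend((key, name, cmd) for name, cmd in values.items() if isinstance(cmd, str))
    return out


if __name__ == "__main__":
    reg = parse_loading_points(SAMPLE_LOG)
    print("UAC disabled:", uac_disabled(reg))
    for name, value, impact in assess_uac(reg):
        print(f"  {name}={value}: {impact}")
    for key, name, cmd in autoruns(reg):
        print(f"autorun {name!r} -> {cmd}")
```

Run against the excerpt, the script reports UAC as disabled with all three unsafe values and lists the single Run entry (jusched.exe, the Java updater). On the machine itself the same values can be read live with `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`; turning UAC back on from Control Panel ("Change User Account Control settings") sets EnableLUA to 1 and takes effect after a reboot.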

#6 Gabriel1 (Topic Starter, Member, 156 posts)
FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Juan (administrator) on JUANSBEAST on 11-11-2013 20:09:58
Running from C:\Users\Juan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Juan\AppData\Roaming\Mozilla\Firefox\Profiles\aecl662i.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (James White) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0
CHR Extension: (YouTube) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Autocomplete = on) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-10-15] ()
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-10-15] (ASUSTeK Computer Inc.)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-10-15] (ASUSTeK Computer Inc.)
S4 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2013-10-15] (ASUSTeK Computer Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S4 RunSwUSB; C:\Windows\runSW.exe [36864 2012-09-20] ()
S4 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [303952 2013-06-12] ()

==================== Drivers (Whitelisted) ====================

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-10-12] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-10-12] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2345544 2013-03-25] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2345544 2013-03-25] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-10] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
U3 aswMBR; \??\C:\Users\Juan\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-11 20:09 - 2013-11-11 20:09 - 00023593 _____ C:\ComboFix.txt
2013-11-11 20:09 - 2013-11-11 20:09 - 00000000 ____D C:\FRST
2013-11-11 20:04 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-11 20:04 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-11 20:04 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-11 20:04 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-11 20:04 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-11 20:04 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-11 20:04 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-11 20:04 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-11 20:03 - 2013-11-11 20:08 - 00000000 ____D C:\Windows\erdnt
2013-11-11 20:02 - 2013-11-11 20:02 - 00002187 _____ C:\Users\Juan\Desktop\aswMBR.txt
2013-11-11 20:02 - 2013-11-11 20:02 - 00000512 _____ C:\Users\Juan\Desktop\MBR.dat
2013-11-11 19:56 - 2013-11-11 19:56 - 04745728 _____ (AVAST Software) C:\Users\Juan\Desktop\aswmbr.exe
2013-11-11 19:52 - 2013-11-11 19:52 - 01048576 _____ C:\Users\Juan\Desktop\msert.exe
2013-11-11 19:51 - 2013-11-11 19:51 - 05145576 ____R (Swearware) C:\Users\Juan\Desktop\ComboFix.exe
2013-11-11 19:51 - 2013-11-11 19:51 - 01957590 _____ (Farbar) C:\Users\Juan\Desktop\FRST64.exe
2013-11-11 19:49 - 2013-11-11 19:49 - 00602112 _____ (OldTimer Tools) C:\Users\Juan\Desktop\OTL.exe
2013-11-11 19:49 - 2013-11-11 19:49 - 00000000 ____D C:\_OTL
2013-11-11 18:30 - 2013-11-11 18:30 - 00001189 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-11 18:30 - 2013-11-11 18:30 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Mozilla
2013-11-11 18:30 - 2013-11-11 18:30 - 00000000 ____D C:\Users\Juan\AppData\Local\Mozilla
2013-11-11 18:30 - 2013-11-11 18:30 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-11 18:30 - 2013-11-11 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-11 18:29 - 2013-11-11 18:29 - 23294592 _____ (Mozilla) C:\Users\Juan\Desktop\Firefox Setup 25.0.exe
2013-11-11 18:29 - 2013-11-11 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 17:41 - 2013-11-11 17:41 - 22205064 _____ (Microsoft Corporation) C:\Users\Juan\Desktop\Windows-KB890830-x64-V5.5.exe
2013-11-11 17:31 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-11 17:30 - 2013-11-11 17:30 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-11 17:30 - 2013-11-11 17:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-11 17:30 - 2013-11-11 17:30 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-11 17:30 - 2013-11-11 17:30 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-11 17:30 - 2013-11-11 17:30 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-11 17:30 - 2013-11-11 17:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-11 17:30 - 2013-11-11 17:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-11 17:30 - 2013-11-11 17:30 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-11 17:30 - 2013-11-11 17:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-11 17:30 - 2013-11-11 17:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-11 17:30 - 2013-11-11 17:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-11 17:29 - 2013-11-11 17:31 - 00007352 _____ C:\Windows\IE11_main.log
2013-11-11 17:29 - 2013-11-11 17:29 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-11 17:29 - 2013-11-11 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-11 17:18 - 2013-11-11 20:09 - 00000000 ____D C:\Qoobox
2013-11-11 17:11 - 2013-11-11 17:11 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-11 17:10 - 2013-11-11 17:11 - 04101100 _____ C:\Users\Juan\Desktop\tdsskiller.zip
2013-11-11 17:05 - 2013-11-11 17:05 - 00054516 _____ C:\Users\Juan\Desktop\Extras.Txt
2013-11-11 17:04 - 2013-11-11 17:04 - 00089424 _____ C:\Users\Juan\Desktop\OTL.Txt
2013-11-11 16:59 - 2013-11-11 16:59 - 00157240 _____ C:\Users\Juan\Desktop\JavaRa-2.3.zip
2013-11-11 16:51 - 2013-11-11 17:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-11 16:44 - 2013-11-11 17:24 - 00000000 ____D C:\Users\Juan\FTZOH
2013-11-11 16:44 - 2013-11-11 17:18 - 00034604 _____ C:\Users\Juan\AppData\Roaming\Juan.txt
2013-11-11 16:44 - 2013-11-11 16:44 - 00000025 _____ C:\Users\Juan\AppData\Roaming\r58Ies.tmp
2013-11-11 12:02 - 2013-11-11 12:02 - 00026982 _____ C:\Users\Juan\Desktop\[HorribleSubs] Magi S2 - 06 [720p].mkv.torrent
2013-11-11 10:30 - 2013-11-11 10:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Juan\Desktop\revosetup.exe
2013-11-11 10:30 - 2013-11-11 10:30 - 00001306 _____ C:\Users\Juan\Desktop\Revo Uninstaller.lnk
2013-11-11 10:30 - 2013-11-11 10:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-10 17:44 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-10 17:44 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-10 14:46 - 2013-11-10 14:46 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Juan\Desktop\tdsskiller.exe
2013-11-10 14:44 - 2013-11-10 14:44 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Malwarebytes
2013-11-10 14:39 - 2013-11-10 14:39 - 00354614 _____ C:\Users\Juan\Desktop\magepker.rar
2013-11-10 14:36 - 2013-11-10 14:38 - 00000000 ____D C:\Users\Juan\Desktop\SF_10-11-2013
2013-11-10 14:35 - 2013-11-10 14:35 - 00221159 _____ C:\Users\Juan\Desktop\SF_Diagnostic_Tool.zip
2013-11-10 11:29 - 2013-11-10 11:29 - 00008389 _____ C:\Users\Juan\Desktop\Grave Digger.zip
2013-11-10 11:28 - 2013-11-10 11:28 - 00006827 _____ C:\Users\Juan\Desktop\DG's BONER .rar
2013-11-10 01:58 - 2013-11-10 01:58 - 00141480 _____ C:\Users\Juan\Desktop\bluescreenview_setup.exe
2013-11-10 01:58 - 2013-11-10 01:58 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-11-10 01:58 - 2013-11-10 01:58 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-11-10 01:45 - 2013-11-10 01:45 - 00025685 _____ C:\Users\Juan\Desktop\[HorribleSubs] One Piece - 620 [720p].mkv.torrent
2013-11-09 15:33 - 2013-11-09 15:33 - 00017574 _____ C:\Users\Juan\Desktop\The Wolverine 2013 Unleashed Extended BDRip 720p x264 10bit AAC 5.1-MZON3.torrent
2013-11-08 14:38 - 2013-11-08 14:38 - 00276104 _____ C:\Windows\Minidump\110813-33774-01.dmp
2013-11-08 14:38 - 2013-11-08 14:38 - 00000000 ____D C:\Windows\Minidump
2013-11-07 23:51 - 2013-11-07 23:51 - 00000043 _____ C:\Users\Juan\jagex_cl_runescape_LIVE.dat
2013-11-07 21:49 - 2013-11-11 19:52 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Skype
2013-11-07 21:49 - 2013-11-07 21:49 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-07 21:49 - 2013-11-07 21:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-07 21:49 - 2013-11-07 21:49 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 13:17 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-06 13:17 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-06 13:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-06 13:17 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-06 13:17 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-06 13:17 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-06 13:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-06 13:17 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-06 13:17 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-06 13:17 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-06 13:17 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-06 13:17 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-06 13:17 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-06 13:17 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-06 13:17 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-06 13:17 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-06 13:17 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-11-06 13:17 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-06 13:17 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-06 13:17 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-06 13:17 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-06 13:17 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-06 13:17 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-11-06 13:17 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-11-06 13:17 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-11-06 13:17 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-11-06 13:17 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-11-06 13:17 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-11-06 13:17 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-11-06 13:17 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-11-06 13:17 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-11-06 13:17 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-11-06 13:17 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-11-06 13:17 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-11-06 13:17 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-06 13:17 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-06 13:17 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-06 13:17 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-06 13:17 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-06 13:17 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-06 13:17 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-06 13:17 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-06 13:17 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-11-06 13:17 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-11-06 13:17 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-11-06 13:17 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-11-06 13:17 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-11-06 13:17 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-11-06 13:17 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-06 13:17 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-06 13:17 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-06 13:17 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-06 13:17 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-06 13:17 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-06 13:17 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-06 13:17 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-11-06 13:17 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-06 13:17 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-11-06 13:17 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-06 13:17 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-11-06 13:17 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-11-06 13:17 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-11-06 13:17 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-11-06 13:17 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-11-06 13:17 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-11-06 13:17 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-11-06 13:17 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-11-06 13:17 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-11-06 13:17 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-11-06 13:17 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-11-06 13:17 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-11-06 13:17 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-11-06 13:17 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-11-06 13:17 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-11-06 13:17 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-11-06 13:17 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-11-06 13:17 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-11-06 13:17 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-11-06 13:17 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-11-06 13:17 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-11-06 13:17 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-11-06 13:17 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-11-06 13:17 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-11-06 13:17 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-11-06 13:17 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-11-06 13:17 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-11-06 13:17 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-11-06 13:17 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-11-06 13:17 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-11-06 13:17 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-11-06 13:17 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-11-06 13:17 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-11-06 13:17 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-11-06 13:17 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-11-06 13:17 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-11-06 13:17 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-11-06 13:17 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-11-06 13:17 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-11-06 13:17 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-11-06 13:17 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-11-06 13:17 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-11-06 13:17 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-11-06 13:17 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-11-06 13:17 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-11-06 13:17 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-11-06 13:17 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-11-06 13:17 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-11-06 13:17 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-11-06 13:17 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-11-06 13:17 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-11-06 13:17 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-11-06 13:17 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-11-06 13:17 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-11-06 13:17 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-11-06 13:17 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-11-06 13:17 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-11-06 13:17 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-11-06 13:17 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-11-06 13:17 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-11-06 13:17 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-11-06 13:17 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-11-06 13:17 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-11-06 13:17 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-11-06 13:17 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-11-06 13:17 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-11-06 13:17 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-11-06 13:17 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-11-06 13:17 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-11-06 13:17 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-11-06 13:17 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-11-06 13:17 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-11-06 13:17 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-11-06 13:17 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-11-06 13:17 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-11-06 13:17 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-11-06 13:17 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-11-06 13:17 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-11-06 13:17 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-11-06 13:17 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-11-06 13:17 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-11-06 13:17 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-11-06 13:17 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-11-06 13:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-11-06 13:17 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-11-06 13:17 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-11-06 13:17 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-11-06 13:17 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-11-06 13:17 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-11-06 13:17 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-11-06 13:17 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-11-06 13:17 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-11-06 13:17 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-11-06 13:17 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-11-06 13:17 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-11-06 13:17 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-11-06 13:17 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-11-06 13:17 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-11-06 13:17 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-11-06 13:17 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-11-06 13:17 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-11-06 13:17 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-11-06 13:17 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-11-06 13:17 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-11-06 12:51 - 2013-11-10 22:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-06 12:51 - 2013-11-06 12:51 - 00000955 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-06 12:51 - 2013-11-06 12:51 - 00000000 ____D C:\Program Files (x86)\dumps
2013-11-06 01:01 - 2013-11-06 01:01 - 00038154 _____ C:\Users\Juan\Desktop\AIOMagic2.1.zip
2013-11-06 00:43 - 2013-11-06 00:44 - 00000000 ____D C:\Program Files (x86)\VLC Amigo Setup
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache5
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache4
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache3
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache2
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache1
2013-11-05 23:58 - 2013-11-11 18:03 - 00000043 _____ C:\Users\Juan\jagex_cl_oldschool_LIVE.dat
2013-11-05 23:58 - 2013-11-11 18:03 - 00000000 ____R C:\Users\Juan\random.dat
2013-11-05 23:58 - 2013-11-11 17:24 - 00000000 ____D C:\Users\Juan\AppData\Roaming\.tribot
2013-11-05 23:58 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache
2013-11-05 23:58 - 2013-11-05 23:58 - 00000000 ____D C:\Windows\Sun
2013-11-05 23:58 - 2013-11-05 23:58 - 00000000 ____D C:\ProgramData\Oracle
2013-11-05 23:57 - 2013-11-05 23:57 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-05 23:57 - 2013-11-05 23:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-05 23:57 - 2013-11-05 23:57 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-05 23:57 - 2013-11-05 23:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-05 23:57 - 2013-11-05 23:57 - 00000000 ____D C:\ProgramData\Sun
2013-11-05 23:57 - 2013-11-05 23:57 - 00000000 ____D C:\ProgramData\McAfee
2013-11-05 23:57 - 2013-11-05 23:57 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-31 20:19 - 2013-10-31 20:19 - 00000054 _____ C:\Users\Juan\Desktop\New Text Document.txt
2013-10-31 20:12 - 2013-10-31 20:12 - 00000000 _____ C:\Users\Juan\Desktop\cardspaid.txt
2013-10-25 19:15 - 2013-10-25 19:15 - 00000000 ____D C:\Users\Oscar\Documents\Games for Windows - LIVE Demos
2013-10-25 19:07 - 2013-10-25 19:07 - 00000000 ____D C:\Users\Oscar\Documents\Square Enix
2013-10-20 17:06 - 2013-10-20 17:06 - 00000017 _____ C:\Users\Juan\Desktop\Cards.txt
2013-10-16 16:57 - 2010-11-20 07:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup
2013-10-16 16:57 - 2009-07-13 20:11 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup
2013-10-16 16:41 - 2013-10-16 16:41 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Theme Resource Changer X64 v1.0
2013-10-16 16:41 - 2013-10-16 16:41 - 00000000 ____D C:\Program Files\Theme Resource Changer
2013-10-16 16:37 - 2013-11-05 23:52 - 00000000 ____D C:\Users\Juan\Desktop\black blue 4
2013-10-16 16:37 - 2012-03-02 10:20 - 00000000 ____D C:\Users\Juan\Desktop\black seven original
2013-10-16 16:34 - 2013-10-16 16:34 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-16 16:27 - 2013-10-16 16:27 - 00000000 ____D C:\Users\Juan\Desktop\windows 7 themes alien tech (red)
2013-10-15 18:46 - 2013-10-15 18:46 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\2K Sports
2013-10-15 18:31 - 2013-10-15 18:31 - 00000000 ____D C:\Program Files (x86)\Linksys WUSB6300
2013-10-15 18:31 - 2013-03-25 18:18 - 02345544 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2013-10-15 18:31 - 2013-01-21 15:17 - 00430080 _____ (Realtek) C:\Windows\SwUSB.exe
2013-10-15 18:31 - 2012-09-20 09:00 - 00036864 _____ () C:\Windows\runSW.exe
2013-10-15 18:31 - 2011-07-06 07:31 - 00595968 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2013-10-15 15:19 - 2013-10-15 15:19 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2013-10-15 14:48 - 2013-10-15 14:48 - 00000000 ____D C:\Program Files\ASUS
2013-10-15 14:48 - 2011-09-20 11:25 - 00046152 _____ (MCCI Corporation) C:\Windows\SysWOW64\Drivers\ASUSFILTER.sys
2013-10-15 14:47 - 2013-10-15 14:47 - 00000000 ____D C:\Users\Oscar\Documents\ASUS Remote GO!
2013-10-15 14:45 - 2012-05-31 10:06 - 00032400 _____ (NT Kernel Resources) C:\Windows\system32\Drivers\ndisrd.sys
2013-10-15 14:43 - 2012-04-19 08:19 - 00014848 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\Drivers\AiChargerPlus.sys
2013-10-15 14:41 - 2013-10-15 14:41 - 00003084 _____ C:\Windows\System32\Tasks\{136F6544-B552-4E21-A69A-3C4EC520F278}
2013-10-15 14:38 - 2013-10-15 14:38 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-10-15 14:38 - 2012-08-28 19:27 - 00058536 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2013-10-15 14:38 - 2012-04-11 08:40 - 00082560 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2013-10-15 14:38 - 2012-04-11 08:40 - 00042624 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2013-10-15 14:30 - 2013-10-15 14:30 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-15 14:30 - 2013-10-15 14:30 - 00000000 _____ C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_M5A97 R2.0.alu
2013-10-15 14:30 - 2012-06-12 21:00 - 00726160 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-10-15 14:30 - 2012-06-12 21:00 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2013-10-15 14:30 - 2012-06-12 21:00 - 00074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2013-10-15 14:26 - 2013-11-10 14:35 - 00000000 _____ C:\Windows\Path.idx
2013-10-15 14:26 - 2013-10-15 15:05 - 05379904 _____ C:\Windows\PE_File.dll
2013-10-15 14:25 - 2013-11-10 14:30 - 01048576 _____ C:\Windows\PE_Rom.dll
2013-10-15 14:25 - 2012-10-12 03:59 - 00014464 _____ C:\Windows\SysWOW64\Drivers\AsUpIO.sys
2013-10-15 14:24 - 2013-11-11 10:34 - 00000000 ____D C:\ProgramData\ASUS
2013-10-15 14:24 - 2013-10-15 14:48 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2013-10-15 14:24 - 2013-10-15 14:44 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-10-15 14:24 - 2013-10-15 14:24 - 00000000 ____D C:\Windows\SysWOW64\Drivers\MFDLL
2013-10-15 14:24 - 2012-10-12 03:58 - 00028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2013-10-15 14:24 - 2012-10-12 03:58 - 00015232 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2013-10-15 14:24 - 2008-12-02 19:05 - 00184320 _____ (ASUSTeK) C:\Windows\SysWOW64\Drivers\UpdateHelper.dll
2013-10-15 14:24 - 2008-01-04 12:34 - 00011832 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2013-10-15 14:24 - 2008-01-04 12:34 - 00010216 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2013-10-15 14:21 - 2013-10-15 14:21 - 00000000 ____D C:\Users\Oscar\AppData\Local\Adobe
2013-10-15 13:52 - 2013-11-10 17:39 - 00043439 _____ C:\Windows\runSW.log
2013-10-14 15:19 - 2013-10-14 15:19 - 00000000 ____D C:\Users\Oscar\Documents\CAPCOM
2013-10-14 14:02 - 2013-10-14 14:02 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\SynthMaker
2013-10-13 21:50 - 2013-10-13 21:50 - 00001306 _____ C:\Users\Oscar\Desktop\BlackOps - Shortcut.lnk
2013-10-13 19:11 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-13 19:11 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-13 18:13 - 2013-10-15 18:39 - 00000000 ____D C:\Users\Oscar\Downloads\Final.Fantasy.VII.Remake-RELOADED
2013-10-13 18:12 - 2013-10-15 18:34 - 00000000 ____D C:\Users\Oscar\Downloads\NBA.2K14-RELOADED
2013-10-13 18:11 - 2013-10-15 18:40 - 00000252 _____ C:\Users\Oscar\Documents\ax_files.xml
2013-10-13 18:03 - 2013-10-13 18:03 - 00000000 ____D C:\Users\Oscar\AppData\Local\Activision
2013-10-13 17:58 - 2013-10-13 17:58 - 00001806 _____ C:\Users\Oscar\Desktop\AssassinsCreed_Game - Shortcut.lnk
2013-10-13 17:57 - 2013-10-13 17:57 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\Ubisoft
2013-10-13 17:57 - 2013-10-13 17:57 - 00000000 ____D C:\ProgramData\Ubisoft
2013-10-13 17:57 - 2013-10-13 17:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-13 17:55 - 2013-10-13 17:55 - 00000000 ____D C:\Program Files (x86)\GOG.com
2013-10-13 17:55 - 2013-10-13 17:55 - 00000000 ____D C:\Program Files (x86)\Activision
2013-10-13 14:41 - 2013-10-13 14:41 - 00000000 ____D C:\Users\Oscar\Desktop\AE2500Win7_WHQL
2013-10-13 14:41 - 2007-11-06 11:23 - 00040464 _____ (CACE Technologies) C:\Windows\system32\Drivers\npf.sys
2013-10-12 22:24 - 2013-10-26 19:01 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\vlc
2013-10-12 21:07 - 2013-10-12 21:07 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\Macromedia
2013-10-12 20:49 - 2013-10-12 20:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-12 16:45 - 2013-10-12 16:46 - 00007542 _____ C:\Windows\IE10_main.log
2013-10-12 16:44 - 2013-09-04 07:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 16:44 - 2013-09-04 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 16:44 - 2013-09-04 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 16:44 - 2013-09-04 07:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 16:44 - 2013-09-04 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 16:44 - 2013-09-04 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-12 16:44 - 2013-09-04 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-12 16:44 - 2013-01-13 16:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 16:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 16:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-12 16:44 - 2013-01-13 16:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-12 16:44 - 2013-01-13 16:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 16:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 16:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 16:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-12 16:44 - 2013-01-13 15:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-12 16:44 - 2013-01-13 15:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-12 16:44 - 2013-01-13 15:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-12 16:44 - 2013-01-13 15:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-12 16:44 - 2013-01-13 14:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-12 16:44 - 2013-01-13 14:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-12 16:44 - 2013-01-13 14:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-12 16:44 - 2013-01-13 14:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-12 16:44 - 2013-01-13 14:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-12 16:44 - 2013-01-13 14:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-12 16:44 - 2013-01-13 14:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-12 16:44 - 2013-01-13 14:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-12 16:44 - 2013-01-13 14:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-12 16:44 - 2013-01-13 14:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-12 16:44 - 2013-01-13 14:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-12 16:44 - 2013-01-13 14:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-12 16:44 - 2013-01-13 14:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-12 16:44 - 2013-01-13 14:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-12 16:44 - 2013-01-13 14:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-12 16:44 - 2013-01-13 14:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-12 16:44 - 2013-01-13 14:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-12 16:44 - 2013-01-13 14:02 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-12 16:44 - 2013-01-13 13:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-12 16:44 - 2013-01-13 13:32 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-12 16:44 - 2013-01-13 13:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-12 16:44 - 2013-01-13 12:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-12 16:44 - 2013-01-13 12:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-12 16:44 - 2013-01-04 01:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-12 16:44 - 2013-01-04 01:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-12 16:44 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-10-12 16:44 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-10-12 16:14 - 2013-10-12 16:15 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-10-12 16:14 - 2013-10-12 16:14 - 00001049 _____ C:\Users\Oscar\Desktop\SpeedFan.lnk
2013-10-12 16:14 - 2013-10-12 16:14 - 00001049 _____ C:\Users\Juan\Desktop\SpeedFan.lnk
2013-10-12 16:14 - 2013-10-12 16:14 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-10-12 16:14 - 2013-10-12 16:14 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan

==================== One Month Modified Files and Folders =======

2013-11-11 20:09 - 2013-11-11 20:09 - 00023593 _____ C:\ComboFix.txt
2013-11-11 20:09 - 2013-11-11 20:09 - 00000000 ____D C:\FRST
2013-11-11 20:09 - 2013-11-11 17:18 - 00000000 ____D C:\Qoobox
2013-11-11 20:09 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-11-11 20:08 - 2013-11-11 20:03 - 00000000 ____D C:\Windows\erdnt
2013-11-11 20:08 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-11-11 20:02 - 2013-11-11 20:02 - 00002187 _____ C:\Users\Juan\Desktop\aswMBR.txt
2013-11-11 20:02 - 2013-11-11 20:02 - 00000512 _____ C:\Users\Juan\Desktop\MBR.dat
2013-11-11 20:01 - 2009-07-14 00:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 20:00 - 2009-07-13 23:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 20:00 - 2009-07-13 23:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 19:59 - 2013-10-10 13:51 - 01967397 _____ C:\Windows\WindowsUpdate.log
2013-11-11 19:56 - 2013-11-11 19:56 - 04745728 _____ (AVAST Software) C:\Users\Juan\Desktop\aswmbr.exe
2013-11-11 19:55 - 2013-10-10 13:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 19:55 - 2013-10-10 13:50 - 00001455 _____ C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-11 19:55 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-11 19:55 - 2009-07-13 23:51 - 00021364 _____ C:\Windows\setupact.log
2013-11-11 19:54 - 2013-10-10 13:57 - 00000000 ____D C:\Users\Juan\AppData\Roaming\uTorrent
2013-11-11 19:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-11 19:52 - 2013-11-11 19:52 - 01048576 _____ C:\Users\Juan\Desktop\msert.exe
2013-11-11 19:52 - 2013-11-07 21:49 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Skype
2013-11-11 19:51 - 2013-11-11 19:51 - 05145576 ____R (Swearware) C:\Users\Juan\Desktop\ComboFix.exe
2013-11-11 19:51 - 2013-11-11 19:51 - 01957590 _____ (Farbar) C:\Users\Juan\Desktop\FRST64.exe
2013-11-11 19:49 - 2013-11-11 19:49 - 00602112 _____ (OldTimer Tools) C:\Users\Juan\Desktop\OTL.exe
2013-11-11 19:49 - 2013-11-11 19:49 - 00000000 ____D C:\_OTL
2013-11-11 19:49 - 2013-10-10 13:50 - 00000000 ____D C:\Users\Juan
2013-11-11 19:14 - 2013-10-10 13:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-11 18:30 - 2013-11-11 18:30 - 00001189 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-11 18:30 - 2013-11-11 18:30 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Mozilla
2013-11-11 18:30 - 2013-11-11 18:30 - 00000000 ____D C:\Users\Juan\AppData\Local\Mozilla
2013-11-11 18:30 - 2013-11-11 18:30 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-11 18:30 - 2013-11-11 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-11 18:29 - 2013-11-11 18:29 - 23294592 _____ (Mozilla) C:\Users\Juan\Desktop\Firefox Setup 25.0.exe
2013-11-11 18:29 - 2013-11-11 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 18:03 - 2013-11-05 23:58 - 00000043 _____ C:\Users\Juan\jagex_cl_oldschool_LIVE.dat
2013-11-11 18:03 - 2013-11-05 23:58 - 00000000 ____R C:\Users\Juan\random.dat
2013-11-11 17:41 - 2013-11-11 17:41 - 22205064 _____ (Microsoft Corporation) C:\Users\Juan\Desktop\Windows-KB890830-x64-V5.5.exe
2013-11-11 17:31 - 2013-11-11 17:29 - 00007352 _____ C:\Windows\IE11_main.log
2013-11-11 17:30 - 2013-11-11 17:30 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-11 17:30 - 2013-11-11 17:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-11 17:30 - 2013-11-11 17:30 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-11 17:30 - 2013-11-11 17:30 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-11 17:30 - 2013-11-11 17:30 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-11 17:30 - 2013-11-11 17:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-11 17:30 - 2013-11-11 17:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-11 17:30 - 2013-11-11 17:30 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-11 17:30 - 2013-11-11 17:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-11 17:30 - 2013-11-11 17:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-11 17:30 - 2013-11-11 17:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-11 17:30 - 2013-11-11 17:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-11 17:30 - 2013-11-11 17:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-11 17:29 - 2013-11-11 17:29 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-11 17:29 - 2013-11-11 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-11 17:29 - 2013-11-11 16:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-11 17:24 - 2013-11-11 16:44 - 00000000 ____D C:\Users\Juan\FTZOH
2013-11-11 17:24 - 2013-11-05 23:58 - 00000000 ____D C:\Users\Juan\AppData\Roaming\.tribot
2013-11-11 17:24 - 2013-10-10 21:18 - 00000000 ____D C:\Users\Oscar
2013-11-11 17:24 - 2013-10-10 13:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-11 17:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-11-11 17:18 - 2013-11-11 16:44 - 00034604 _____ C:\Users\Juan\AppData\Roaming\Juan.txt
2013-11-11 17:11 - 2013-11-11 17:11 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-11 17:11 - 2013-11-11 17:10 - 04101100 _____ C:\Users\Juan\Desktop\tdsskiller.zip
2013-11-11 17:05 - 2013-11-11 17:05 - 00054516 _____ C:\Users\Juan\Desktop\Extras.Txt
2013-11-11 17:04 - 2013-11-11 17:04 - 00089424 _____ C:\Users\Juan\Desktop\OTL.Txt
2013-11-11 16:59 - 2013-11-11 16:59 - 00157240 _____ C:\Users\Juan\Desktop\JavaRa-2.3.zip
2013-11-11 16:44 - 2013-11-11 16:44 - 00000025 _____ C:\Users\Juan\AppData\Roaming\r58Ies.tmp
2013-11-11 12:02 - 2013-11-11 12:02 - 00026982 _____ C:\Users\Juan\Desktop\[HorribleSubs] Magi S2 - 06 [720p].mkv.torrent
2013-11-11 10:34 - 2013-10-15 14:24 - 00000000 ____D C:\ProgramData\ASUS
2013-11-11 10:30 - 2013-11-11 10:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Juan\Desktop\revosetup.exe
2013-11-11 10:30 - 2013-11-11 10:30 - 00001306 _____ C:\Users\Juan\Desktop\Revo Uninstaller.lnk
2013-11-11 10:30 - 2013-11-11 10:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-11 10:27 - 2013-10-10 14:06 - 00000000 ____D C:\ProgramData\AMD
2013-11-10 22:15 - 2013-11-06 12:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-10 17:39 - 2013-10-15 13:52 - 00043439 _____ C:\Windows\runSW.log
2013-11-10 14:46 - 2013-11-10 14:46 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Juan\Desktop\tdsskiller.exe
2013-11-10 14:44 - 2013-11-10 14:44 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Malwarebytes
2013-11-10 14:39 - 2013-11-10 14:39 - 00354614 _____ C:\Users\Juan\Desktop\magepker.rar
2013-11-10 14:38 - 2013-11-10 14:36 - 00000000 ____D C:\Users\Juan\Desktop\SF_10-11-2013
2013-11-10 14:35 - 2013-11-10 14:35 - 00221159 _____ C:\Users\Juan\Desktop\SF_Diagnostic_Tool.zip
2013-11-10 14:35 - 2013-10-15 14:26 - 00000000 _____ C:\Windows\Path.idx
2013-11-10 14:30 - 2013-10-15 14:25 - 01048576 _____ C:\Windows\PE_Rom.dll
2013-11-10 11:29 - 2013-11-10 11:29 - 00008389 _____ C:\Users\Juan\Desktop\Grave Digger.zip
2013-11-10 11:28 - 2013-11-10 11:28 - 00006827 _____ C:\Users\Juan\Desktop\DG's BONER .rar
2013-11-10 01:58 - 2013-11-10 01:58 - 00141480 _____ C:\Users\Juan\Desktop\bluescreenview_setup.exe
2013-11-10 01:58 - 2013-11-10 01:58 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2013-11-10 01:58 - 2013-11-10 01:58 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-11-10 01:45 - 2013-11-10 01:45 - 00025685 _____ C:\Users\Juan\Desktop\[HorribleSubs] One Piece - 620 [720p].mkv.torrent
2013-11-09 15:49 - 2013-10-10 19:38 - 00000000 ____D C:\Users\Juan\AppData\Roaming\vlc
2013-11-09 15:33 - 2013-11-09 15:33 - 00017574 _____ C:\Users\Juan\Desktop\The Wolverine 2013 Unleashed Extended BDRip 720p x264 10bit AAC 5.1-MZON3.torrent
2013-11-08 14:38 - 2013-11-08 14:38 - 00276104 _____ C:\Windows\Minidump\110813-33774-01.dmp
2013-11-08 14:38 - 2013-11-08 14:38 - 00000000 ____D C:\Windows\Minidump
2013-11-07 23:51 - 2013-11-07 23:51 - 00000043 _____ C:\Users\Juan\jagex_cl_runescape_LIVE.dat
2013-11-07 21:49 - 2013-11-07 21:49 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-07 21:49 - 2013-11-07 21:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-07 21:49 - 2013-11-07 21:49 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 13:17 - 2013-10-10 14:29 - 00096792 _____ C:\Windows\DirectX.log
2013-11-06 12:51 - 2013-11-06 12:51 - 00000955 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-06 12:51 - 2013-11-06 12:51 - 00000000 ____D C:\Program Files (x86)\dumps
2013-11-06 01:01 - 2013-11-06 01:01 - 00038154 _____ C:\Users\Juan\Desktop\AIOMagic2.1.zip
2013-11-06 00:44 - 2013-11-06 00:43 - 00000000 ____D C:\Program Files (x86)\VLC Amigo Setup
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache5
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache4
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache3
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache2
2013-11-06 00:00 - 2013-11-06 00:00 - 00000000 ____D C:\Users\Juan\jagexcache1
2013-11-06 00:00 - 2013-11-05 23:58 - 00000000 ____D C:\Users\Juan\jagexcache
2013-11-05 23:58 - 2013-11-05 23:58 - 00000000 ____D C:\Windows\Sun
2013-11-05 23:58 - 2013-11-05 23:58 - 00000000 ____D C:\ProgramData\Oracle
2013-11-05 23:57 - 2013-11-05 23:57 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-05 23:57 - 2013-11-05 23:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-05 23:57 - 2013-11-05 23:57 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-05 23:57 - 2013-11-05 23:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-05 23:57 - 2013-11-05 23:57 - 00000000 ____D C:\ProgramData\Sun
2013-11-05 23:57 - 2013-11-05 23:57 - 00000000 ____D C:\ProgramData\McAfee
2013-11-05 23:57 - 2013-11-05 23:57 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-05 23:53 - 2013-10-10 13:57 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-05 23:52 - 2013-10-16 16:37 - 00000000 ____D C:\Users\Juan\Desktop\black blue 4
2013-10-31 20:19 - 2013-10-31 20:19 - 00000054 _____ C:\Users\Juan\Desktop\New Text Document.txt
2013-10-31 20:12 - 2013-10-31 20:12 - 00000000 _____ C:\Users\Juan\Desktop\cardspaid.txt
2013-10-26 19:01 - 2013-10-12 22:24 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\vlc
2013-10-25 19:50 - 2013-10-11 19:55 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\uTorrent
2013-10-25 19:15 - 2013-10-25 19:15 - 00000000 ____D C:\Users\Oscar\Documents\Games for Windows - LIVE Demos
2013-10-25 19:07 - 2013-10-25 19:07 - 00000000 ____D C:\Users\Oscar\Documents\Square Enix
2013-10-20 17:06 - 2013-10-20 17:06 - 00000017 _____ C:\Users\Juan\Desktop\Cards.txt
2013-10-20 14:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\oobe
2013-10-16 19:53 - 2013-10-10 14:18 - 00005870 _____ C:\Windows\PFRO.log
2013-10-16 16:57 - 2013-10-10 17:49 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-10-16 16:57 - 2009-07-13 18:39 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-16 16:49 - 2013-10-10 17:49 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-10-16 16:41 - 2013-10-16 16:41 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Theme Resource Changer X64 v1.0
2013-10-16 16:41 - 2013-10-16 16:41 - 00000000 ____D C:\Program Files\Theme Resource Changer
2013-10-16 16:34 - 2013-10-16 16:34 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-16 16:27 - 2013-10-16 16:27 - 00000000 ____D C:\Users\Juan\Desktop\windows 7 themes alien tech (red)
2013-10-16 15:18 - 2013-10-10 13:57 - 00002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 18:46 - 2013-10-15 18:46 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\2K Sports
2013-10-15 18:40 - 2013-10-13 18:11 - 00000252 _____ C:\Users\Oscar\Documents\ax_files.xml
2013-10-15 18:39 - 2013-10-13 18:13 - 00000000 ____D C:\Users\Oscar\Downloads\Final.Fantasy.VII.Remake-RELOADED
2013-10-15 18:34 - 2013-10-13 18:12 - 00000000 ____D C:\Users\Oscar\Downloads\NBA.2K14-RELOADED
2013-10-15 18:31 - 2013-10-15 18:31 - 00000000 ____D C:\Program Files (x86)\Linksys WUSB6300
2013-10-15 15:21 - 2013-10-11 19:59 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-10-15 15:19 - 2013-10-15 15:19 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2013-10-15 15:19 - 2013-10-11 20:18 - 00055436 _____ C:\Windows\DPINST.LOG
2013-10-15 15:05 - 2013-10-15 14:26 - 05379904 _____ C:\Windows\PE_File.dll
2013-10-15 14:48 - 2013-10-15 14:48 - 00000000 ____D C:\Program Files\ASUS
2013-10-15 14:48 - 2013-10-15 14:24 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2013-10-15 14:47 - 2013-10-15 14:47 - 00000000 ____D C:\Users\Oscar\Documents\ASUS Remote GO!
2013-10-15 14:44 - 2013-10-15 14:24 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-10-15 14:41 - 2013-10-15 14:41 - 00003084 _____ C:\Windows\System32\Tasks\{136F6544-B552-4E21-A69A-3C4EC520F278}
2013-10-15 14:38 - 2013-10-15 14:38 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-10-15 14:30 - 2013-10-15 14:30 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-15 14:30 - 2013-10-15 14:30 - 00000000 _____ C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_M5A97 R2.0.alu
2013-10-15 14:24 - 2013-10-15 14:24 - 00000000 ____D C:\Windows\SysWOW64\Drivers\MFDLL
2013-10-15 14:21 - 2013-10-15 14:21 - 00000000 ____D C:\Users\Oscar\AppData\Local\Adobe
2013-10-15 14:21 - 2013-10-11 19:56 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\Adobe
2013-10-14 22:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-14 18:00 - 2013-11-11 17:31 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-10-14 15:19 - 2013-10-14 15:19 - 00000000 ____D C:\Users\Oscar\Documents\CAPCOM
2013-10-14 14:02 - 2013-10-14 14:02 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\SynthMaker
2013-10-13 21:50 - 2013-10-13 21:50 - 00001306 _____ C:\Users\Oscar\Desktop\BlackOps - Shortcut.lnk
2013-10-13 18:03 - 2013-10-13 18:03 - 00000000 ____D C:\Users\Oscar\AppData\Local\Activision
2013-10-13 17:58 - 2013-10-13 17:58 - 00001806 _____ C:\Users\Oscar\Desktop\AssassinsCreed_Game - Shortcut.lnk
2013-10-13 17:57 - 2013-10-13 17:57 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\Ubisoft
2013-10-13 17:57 - 2013-10-13 17:57 - 00000000 ____D C:\ProgramData\Ubisoft
2013-10-13 17:57 - 2013-10-13 17:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-13 17:55 - 2013-10-13 17:55 - 00000000 ____D C:\Program Files (x86)\GOG.com
2013-10-13 17:55 - 2013-10-13 17:55 - 00000000 ____D C:\Program Files (x86)\Activision
2013-10-13 14:41 - 2013-10-13 14:41 - 00000000 ____D C:\Users\Oscar\Desktop\AE2500Win7_WHQL
2013-10-13 13:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-10-12 21:09 - 2013-10-10 13:57 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 21:09 - 2013-10-10 13:57 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 21:07 - 2013-10-12 21:07 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\Macromedia
2013-10-12 20:49 - 2013-10-12 20:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-12 18:16 - 2013-10-10 21:18 - 00001455 _____ C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-12 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-10-12 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-10-12 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-10-12 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-10-12 16:46 - 2013-10-12 16:45 - 00007542 _____ C:\Windows\IE10_main.log
2013-10-12 16:15 - 2013-10-12 16:14 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-10-12 16:14 - 2013-10-12 16:14 - 00001049 _____ C:\Users\Oscar\Desktop\SpeedFan.lnk
2013-10-12 16:14 - 2013-10-12 16:14 - 00001049 _____ C:\Users\Juan\Desktop\SpeedFan.lnk
2013-10-12 16:14 - 2013-10-12 16:14 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-10-12 16:14 - 2013-10-12 16:14 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-10-12 16:08 - 2013-10-10 13:50 - 00000000 ___RD C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-12 16:08 - 2013-10-10 13:50 - 00000000 ___RD C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Files to move or delete:
====================
C:\Users\Juan\jagex_cl_oldschool_LIVE.dat
C:\Users\Juan\jagex_cl_runescape_LIVE.dat
C:\Users\Juan\random.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 02:44

==================== End Of Log ============================

additional;

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Juan at 2013-11-11 20:10:21
Running from C:\Users\Juan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30180)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70928.1539)
ASIO4ALL (x32 Version: 2.10)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.16.10.0)
Assassin's Creed (x32)
Call of Duty: Black Ops (x32)
FINAL FANTASY VII (x32 Version: 1.0)
FL Studio 10 (x32)
Google Chrome (x32 Version: 65.143.49221)
Google Update Helper (x32 Version: 1.3.21.165)
inSSIDer 3 (x32 Version: 3.0.7.48)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Linksys Dual Band Wireless-AC USB Adapter (x32 Version: 1.0.0.12)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
NirSoft BlueScreenView (x32)
No More Room in [bleep] (x32)
NVIDIA PhysX (x32 Version: 9.12.0213)
original theme (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.61.612.2012)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Skype™ 6.10 (x32 Version: 6.10.104)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
Street Fighter X Tekken (x32 Version: 1.0.0.0)
Theme Resource Changer X64 v1.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VLC Amigo Setup (x32 Version: 3.2.0)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 5.00 (64-bit) (Version: 5.00.0)

==================== Restore Points =========================

12-11-2013 01:04:42 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-11-11 20:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {02DD44F5-34FE-4CDA-A637-8981DEACD156} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {1908B5DD-0CF1-4599-AB13-2CF875993169} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4288066342-3130126178-2976922584-1000
Task: {5301E6AF-3CBE-4DC5-A02F-5E83A3FA5B3F} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe
Task: {56B9A19D-00DE-4FAA-AB1C-AB1E1E300605} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {5C440800-5ED2-4CEE-9DBA-C0603031286D} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {7D5B649E-FB81-4E57-A75F-B8A7345EBED3} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe
Task: {BE00C452-F417-46E0-B059-20EFC336BED0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {CF694B74-8EB0-4D8B-B28C-4399ADA6D0DB} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe [2012-07-12] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-16 15:18 - 2013-10-08 19:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-16 15:18 - 2013-10-08 19:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-16 15:18 - 2013-10-08 19:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-16 15:18 - 2013-10-08 19:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-16 15:18 - 2013-10-08 19:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2013 10:32:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: Setup.exe_ASUS AI Suite II, version: 2.0.1.0, time stamp: 0x506a8088
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x93c
Faulting application start time: 0xSetup.exe_ASUS AI Suite II0
Faulting application path: Setup.exe_ASUS AI Suite II1
Faulting module path: Setup.exe_ASUS AI Suite II2
Report Id: Setup.exe_ASUS AI Suite II3

Error: (11/11/2013 10:24:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: Setup.exe_ASUS AI Suite II, version: 2.0.1.0, time stamp: 0x506a8088
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x1348
Faulting application start time: 0xSetup.exe_ASUS AI Suite II0
Faulting application path: Setup.exe_ASUS AI Suite II1
Faulting module path: Setup.exe_ASUS AI Suite II2
Report Id: Setup.exe_ASUS AI Suite II3

Error: (11/11/2013 10:24:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: Setup.exe_ASUS AI Suite II, version: 2.0.1.0, time stamp: 0x506a8088
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xf94
Faulting application start time: 0xSetup.exe_ASUS AI Suite II0
Faulting application path: Setup.exe_ASUS AI Suite II1
Faulting module path: Setup.exe_ASUS AI Suite II2
Report Id: Setup.exe_ASUS AI Suite II3

Error: (11/11/2013 07:38:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: AI Suite II.exe, version: 2.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xcac
Faulting application start time: 0xAI Suite II.exe0
Faulting application path: AI Suite II.exe1
Faulting module path: AI Suite II.exe2
Report Id: AI Suite II.exe3

Error: (11/11/2013 07:38:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xc58
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3

Error: (11/11/2013 07:38:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: TurboVHelp.exe, version: 1.0.1.36, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xba4
Faulting application start time: 0xTurboVHelp.exe0
Faulting application path: TurboVHelp.exe1
Faulting module path: TurboVHelp.exe2
Report Id: TurboVHelp.exe3

Error: (11/10/2013 05:41:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: AI Suite II.exe, version: 2.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xd4c
Faulting application start time: 0xAI Suite II.exe0
Faulting application path: AI Suite II.exe1
Faulting module path: AI Suite II.exe2
Report Id: AI Suite II.exe3

Error: (11/10/2013 05:41:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xa98
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3

Error: (11/10/2013 05:41:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: TurboVHelp.exe, version: 1.0.1.36, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xbe0
Faulting application start time: 0xTurboVHelp.exe0
Faulting application path: TurboVHelp.exe1
Faulting module path: TurboVHelp.exe2
Report Id: TurboVHelp.exe3

Error: (11/10/2013 05:37:24 PM) (Source: Application Hang) (User: )
Description: The program java.exe version 7.0.450.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1118

Start Time: 01cede54a6b1fa74

Termination Time: 38

Application Path: C:\Program Files (x86)\Java\jre7\bin\java.exe

Report Id: aa3f605b-4a58-11e3-8c33-60a44c5ad54f


System errors:
=============
Error: (11/11/2013 08:08:12 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/11/2013 08:07:40 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/11/2013 08:06:17 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/11/2013 07:54:22 PM) (Source: DCOM) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Error: (11/11/2013 05:56:38 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (11/11/2013 05:30:06 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.3.0215.00

Source Path: 4.3.0215.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/11/2013 05:30:06 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.3.0215.00

Source Path: 4.3.0215.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/11/2013 05:30:06 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.3.0215.00

Source Path: 4.3.0215.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/11/2013 05:27:00 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/11/2013 05:27:00 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/11/2013 10:32:28 AM) (Source: Application Error)(User: )
Description: Setup.exe_ASUS AI Suite II2.0.1.0506a8088KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f93c01cedef339a99e01C:\ProgramData\ASUS\AI Suite II\Setup.exeC:\Windows\syswow64\KERNELBASE.dll78bb9a25-4ae6-11e3-91d5-60a44c5ad54f

Error: (11/11/2013 10:24:43 AM) (Source: Application Error)(User: )
Description: Setup.exe_ASUS AI Suite II2.0.1.0506a8088KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f134801cedef22493896cC:\ProgramData\ASUS\AI Suite II\Setup.exeC:\Windows\syswow64\KERNELBASE.dll63381c27-4ae5-11e3-91d5-60a44c5ad54f

Error: (11/11/2013 10:24:36 AM) (Source: Application Error)(User: )
Description: Setup.exe_ASUS AI Suite II2.0.1.0506a8088KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41ff9401cedef2201c6f7fC:\ProgramData\ASUS\AI Suite II\Setup.exeC:\Windows\syswow64\KERNELBASE.dll5f65f734-4ae5-11e3-91d5-60a44c5ad54f

Error: (11/11/2013 07:38:14 AM) (Source: Application Error)(User: )
Description: AI Suite II.exe2.0.0.000000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fcac01cededae26464beC:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exeC:\Windows\syswow64\KERNELBASE.dll21a8bc40-4ace-11e3-91d5-60a44c5ad54f

Error: (11/11/2013 07:38:07 AM) (Source: Application Error)(User: )
Description: EPUHelp.exe1.0.0.3100000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fc5801cededadf58ee14C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exeC:\Windows\syswow64\KERNELBASE.dll1d3f8537-4ace-11e3-91d5-60a44c5ad54f

Error: (11/11/2013 07:38:05 AM) (Source: Application Error)(User: )
Description: TurboVHelp.exe1.0.1.3600000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fba401cededadc42d8b7C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exeC:\Windows\syswow64\KERNELBASE.dll1bbb5088-4ace-11e3-91d5-60a44c5ad54f

Error: (11/10/2013 05:41:14 PM) (Source: Application Error)(User: )
Description: AI Suite II.exe2.0.0.000000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fd4c01cede65f3f943e5C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exeC:\Windows\syswow64\KERNELBASE.dll33c82a2e-4a59-11e3-af9e-60a44c5ad54f

Error: (11/10/2013 05:41:08 PM) (Source: Application Error)(User: )
Description: EPUHelp.exe1.0.0.3100000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fa9801cede65f2216fbcC:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exeC:\Windows\syswow64\KERNELBASE.dll303902a6-4a59-11e3-af9e-60a44c5ad54f

Error: (11/10/2013 05:41:04 PM) (Source: Application Error)(User: )
Description: TurboVHelp.exe1.0.1.3600000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fbe001cede65eed91eaaC:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exeC:\Windows\syswow64\KERNELBASE.dll2e42827b-4a59-11e3-af9e-60a44c5ad54f

Error: (11/10/2013 05:37:24 PM) (Source: Application Hang)(User: )
Description: java.exe7.0.450.18111801cede54a6b1fa7438C:\Program Files (x86)\Java\jre7\bin\java.exeaa3f605b-4a58-11e3-8c33-60a44c5ad54f


CodeIntegrity Errors:
===================================
Date: 2013-11-11 20:07:40.910
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 20:07:40.879
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 17:19:51.336
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Juan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 17:19:51.310
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Juan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 17:19:51.284
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Juan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 17:19:51.257
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Juan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 17:19:50.302
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Juan\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 17:19:50.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Juan\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 17:19:47.188
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-11 17:19:47.162
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 16284.36 MB
Available physical RAM: 14053.52 MB
Total Pagefile: 32566.89 MB
Available Pagefile: 30342.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:31.15 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:465.66 GB) (Free:275.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 756716F8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 798E20CC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\Windows\SysNative\drivers\ndisrd.sys
C:\Users\Juan\AppData\Roaming\Juan.txt
C:\Users\Juan\AppData\Roaming\r58Ies.tmp

Driver::
ndisrd

Folder::
C:\Users\Juan\FTZOH
C:\Program Files\Theme Resource Changer

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

You certainly had something. Can't tell what it was; Java based.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Go into Control Panel, Java, Security and set the slider to the Highest then OK.

I'm not really impressed by Microsoft Security Essentials so I'd like you to install the free Avast and run a boot-time scan:


http://www.avast.com/index
Click on Download then choose the free version. Save the installer (decline the Chrome and Google Toolbar offers and stick with the free Basic service.)


Uninstall Microsoft Security Essentials

Reboot

Install Avast by right clicking and Run As Admin. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)

Once you get it installed and updated set it up to do a boot-time scan:

First mute the speakers so it won't wake you up when Windows loads. (I recommend running this while you sleep because it can take over 6 hours to complete.)

Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings.
Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes.
Then change When a threat is found ... to: Move to Chest. OK.
Now click on Start. Close the Avast window and then reboot. The scan will start.
It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.
When Windows loads click on the Orange Ball, then Scan, then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.
If it found anything then open the aswBoot.txt file and copy and paste it. If you can't find it then take a screen shot of the Detailed Report:

Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories, Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: Avast

Select a file type: jpeg

Click the Save button.


I would not be surprised to see Avast find stuff in c:\_OTL\ and in C:\Combofix. These are where OTL and ComboFix keep the files they remove.
  • 0

#8
Gabriel1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 156 posts
Here's the ComboFix log; currently working on the other steps.

ComboFix 13-11-11.01 - Juan 11/11/2013 20:57:01.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16284.13648 [GMT -5:00]
Running from: c:\users\Juan\Desktop\ComboFix.exe
Command switches used :: c:\users\Juan\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Juan\AppData\Roaming\Juan.txt"
"c:\users\Juan\AppData\Roaming\r58Ies.tmp"
"c:\windows\system32\drivers\ndisrd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Theme Resource Changer
c:\program files\Theme Resource Changer\sseexec.dat
c:\program files\Theme Resource Changer\SSEun.dat
c:\program files\Theme Resource Changer\ThemeResourceChanger.dll
c:\program files\Theme Resource Changer\Uninstall-ThemeResourceChangerX64.exe
c:\users\Juan\AppData\Roaming\Juan.txt
c:\users\Juan\AppData\Roaming\r58Ies.tmp
c:\users\Juan\FTZOH
c:\users\Juan\FTZOH\CHYVS
c:\users\Juan\FTZOH\IZCKP
c:\users\Juan\FTZOH\NRJKQ
c:\users\Juan\FTZOH\QMCXH
c:\users\Juan\FTZOH\XRLVF
c:\users\Juan\FTZOH\YMQGIX
c:\windows\system32\drivers\ndisrd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NDISRD
-------\Service_ndisrd
.
.
((((((((((((((((((((((((( Files Created from 2013-10-12 to 2013-11-12 )))))))))))))))))))))))))))))))
.
.
2013-11-12 01:59 . 2013-11-12 01:59 -------- d-----w- c:\users\Oscar\AppData\Local\temp
2013-11-12 01:59 . 2013-11-12 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-12 01:14 . 2013-11-12 01:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-12 01:14 . 2013-11-12 01:14 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-12 01:14 . 2013-11-12 01:14 -------- d-----w- c:\program files (x86)\Java
2013-11-12 01:09 . 2013-11-12 01:09 -------- d-----w- C:\FRST
2013-11-12 00:49 . 2013-11-12 00:49 -------- d-----w- C:\_OTL
2013-11-11 23:30 . 2013-11-11 23:30 -------- d-----w- c:\users\Juan\AppData\Local\Mozilla
2013-11-11 23:30 . 2013-11-11 23:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-11 22:31 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-11 22:29 . 2013-11-11 22:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-11-11 22:11 . 2013-11-11 22:11 -------- d-----w- c:\program files (x86)\ESET
2013-11-11 21:51 . 2013-11-11 22:29 -------- d-----w- c:\program files\Microsoft Security Client
2013-11-11 15:30 . 2013-11-11 15:30 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-11-10 22:44 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-11-10 22:44 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-11-10 19:44 . 2013-11-10 19:44 -------- d-----w- c:\users\Juan\AppData\Roaming\Malwarebytes
2013-11-10 06:58 . 2013-11-10 06:58 -------- d-----w- c:\program files (x86)\NirSoft
2013-11-08 12:55 . 2013-10-14 07:12 10280728 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA8D6F0-474E-436D-A4EC-1E3574C91FA0}\mpengine.dll
2013-11-08 02:49 . 2013-11-12 01:49 -------- d-----w- c:\users\Juan\AppData\Roaming\Skype
2013-11-08 02:49 . 2013-11-08 02:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-11-08 02:49 . 2013-11-08 02:49 -------- d-----r- c:\program files (x86)\Skype
2013-11-08 02:49 . 2013-11-08 02:49 -------- d-----w- c:\programdata\Skype
2013-11-06 17:51 . 2013-11-06 17:51 -------- d-----w- c:\program files (x86)\dumps
2013-11-06 17:51 . 2013-11-11 03:15 -------- d-----w- c:\program files (x86)\Steam
2013-11-06 17:51 . 2013-11-06 18:20 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-11-06 05:43 . 2013-11-06 05:44 -------- d-----w- c:\program files (x86)\VLC Amigo Setup
2013-11-06 04:58 . 2013-11-06 05:00 -------- d-----w- c:\users\Juan\jagexcache
2013-11-06 04:58 . 2013-11-11 22:24 -------- d-----w- c:\users\Juan\AppData\Roaming\.tribot
2013-11-06 04:58 . 2013-11-06 04:58 -------- d-----w- c:\windows\Sun
2013-11-06 04:58 . 2013-11-12 01:14 -------- d-----w- c:\programdata\Oracle
2013-11-06 04:57 . 2013-11-06 04:57 -------- d-----w- c:\programdata\McAfee
2013-10-16 21:57 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2013-10-16 21:57 . 2010-11-20 12:21 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2013-10-15 23:46 . 2013-10-15 23:46 -------- d-----w- c:\users\Oscar\AppData\Roaming\2K Sports
2013-10-15 23:31 . 2013-03-25 23:18 2345544 ----a-w- c:\windows\system32\drivers\RTWlanU.sys
2013-10-15 23:31 . 2013-01-21 20:17 430080 ----a-w- c:\windows\SwUSB.exe
2013-10-15 23:31 . 2012-09-20 14:00 36864 ----a-w- c:\windows\runSW.exe
2013-10-15 23:31 . 2011-07-06 12:31 595968 ----a-w- c:\windows\SysWow64\Rtlihvs.dll
2013-10-15 23:31 . 2013-10-15 23:31 -------- d-----w- c:\program files (x86)\Linksys WUSB6300
2013-10-15 20:19 . 2013-10-15 20:19 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-10-15 20:04 . 2013-10-15 20:04 -------- d-----w- c:\programdata\ASUS OC Profiles
2013-10-15 19:48 . 2013-10-15 19:48 -------- d-----w- c:\program files\ASUS
2013-10-15 19:48 . 2011-09-20 16:25 46152 ----a-w- c:\windows\SysWow64\drivers\ASUSFILTER.sys
2013-10-15 19:45 . 2012-05-31 15:06 32400 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2013-10-15 19:43 . 2012-04-19 13:19 14848 ----a-w- c:\windows\SysWow64\drivers\AiChargerPlus.sys
2013-10-15 19:38 . 2013-10-15 19:38 -------- d-----w- c:\program files (x86)\AMD APP
2013-10-15 19:38 . 2012-08-29 00:27 58536 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2013-10-15 19:38 . 2012-04-11 13:40 82560 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2013-10-15 19:38 . 2012-04-11 13:40 42624 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2013-10-15 19:30 . 2012-06-13 02:00 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-10-15 19:30 . 2012-06-13 02:00 726160 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-10-15 19:30 . 2012-06-13 02:00 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-10-15 19:30 . 2013-10-15 19:30 -------- d-----w- c:\program files (x86)\Realtek
2013-10-15 19:26 . 2013-10-15 20:05 5379904 ----a-w- c:\windows\PE_File.dll
2013-10-15 19:25 . 2013-11-10 19:30 1048576 ----a-w- c:\windows\PE_Rom.dll
2013-10-15 19:25 . 2012-10-12 08:59 14464 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2013-10-15 19:24 . 2008-12-03 00:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-10-15 19:24 . 2013-10-15 19:24 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-10-15 19:24 . 2013-11-11 15:34 -------- d-----w- c:\programdata\ASUS
2013-10-15 19:24 . 2013-10-15 19:44 -------- d-----w- c:\program files (x86)\ASUS
2013-10-15 19:24 . 2013-10-15 19:24 -------- d-----w- c:\windows\SysWow64\drivers\MFDLL
2013-10-15 19:24 . 2012-10-12 08:58 15232 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2013-10-15 19:24 . 2012-10-12 08:58 28672 ----a-w- c:\windows\SysWow64\AsIO.dll
2013-10-15 19:24 . 2008-01-04 17:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-10-15 19:24 . 2008-01-04 17:34 10216 ------w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-10-15 19:21 . 2013-10-15 19:21 -------- d-----w- c:\users\Oscar\AppData\Local\Adobe
2013-10-14 19:02 . 2013-10-14 19:02 -------- d-----w- c:\users\Oscar\AppData\Roaming\SynthMaker
2013-10-14 00:11 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-10-14 00:11 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-10-13 23:03 . 2013-10-13 23:03 -------- d-----w- c:\users\Oscar\AppData\Local\Activision
2013-10-13 22:57 . 2013-10-13 22:57 -------- d-----w- c:\users\Oscar\AppData\Roaming\Ubisoft
2013-10-13 22:57 . 2013-10-13 22:57 -------- d-----w- c:\programdata\Ubisoft
2013-10-13 22:57 . 2013-10-13 22:57 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-10-13 22:55 . 2013-10-13 22:55 -------- d-----w- c:\program files (x86)\Activision
2013-10-13 22:55 . 2013-10-13 22:55 -------- d-----w- c:\program files (x86)\GOG.com
2013-10-13 19:41 . 2007-11-06 16:23 40464 ----a-w- c:\windows\system32\drivers\npf.sys
2013-10-13 03:24 . 2013-10-27 00:01 -------- d-----w- c:\users\Oscar\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 21:57 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2013-10-16 21:57 . 2013-10-10 22:49 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2013-10-16 21:49 . 2013-10-10 22:49 2851840 ----a-w- c:\windows\system32\themeui.dll
2013-10-12 01:34 . 2013-10-12 01:34 16896 ----a-w- c:\windows\AsTaskSched.dll
2013-10-12 01:01 . 2013-10-12 01:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-10-12 01:01 . 2013-10-12 01:01 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-10-12 01:01 . 2013-10-12 01:01 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2013-10-10 23:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-10-10 23:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-10-10 23:06 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2013-10-10 23:06 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2013-10-10 22:01 . 2013-10-10 22:01 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-10-10 19:00 . 2013-10-10 19:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-26 06:46 . 2013-10-10 20:23 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-14 01:10 . 2013-10-11 22:53 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-11 22:53 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-11 22:53 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-11 22:53 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-12 21:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-12 21:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-12 21:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-12 21:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-12 21:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-12 21:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-12 21:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-11 22:53 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-11 22:53 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-11 22:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-11 22:53 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-11 22:53 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-11 22:53 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-11 22:53 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-11 22:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-11 22:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-11 22:53 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-11 22:53 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-11 22:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-11 22:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-11 22:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-11 22:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-11 22:53 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-11 22:53 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-11 22:53 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
R4 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
R4 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [x]
R4 RunSwUSB;RunSwUSB;c:\windows\runSW.exe;c:\windows\runSW.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 WSWUSB6300;WSWUSB6300;c:\program files (x86)\Linksys WUSB6300\WifiSvc.exe;c:\program files (x86)\Linksys WUSB6300\WifiSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys;SysWow64\drivers\AiChargerPlus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 20:15 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10 18:57]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10 18:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Juan\AppData\Roaming\Mozilla\Firefox\Profiles\aecl662i.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
c:\program files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
.
**************************************************************************
.
Completion time: 2013-11-11 21:01:35 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-12 02:01
ComboFix2.txt 2013-11-12 01:09
.
Pre-Run: 33,095,946,240 bytes free
Post-Run: 33,220,648,960 bytes free
.
- - End Of File - - 6CF205A78F98A6D8D33133864F6084D5
A36C5E4F47E84449FF07ED3517B43A31

#9 RKinner (Malware Expert, MVP, 24,625 posts)
OK. Looks good now, but we will let Avast make the final decision. Like I said, it will take a long time to do the boot-time scan, so best to just let it run while you sleep.

Your infection was still active at least until we ran the OTL fix so you should probably change all of your passwords again.

#10 Gabriel1 (Member, Topic Starter, 156 posts)
Thanks a lot for the quick responses, I greatly appreciate it. Luckily all my passwords (except the one he took) were saved on my PC so I didn't type them. I used the on-screen keyboard to change the other one.

I'll do the scan overnight and post tomorrow morning. Thanks again.

Edited by Gabriel1, 11 November 2013 - 08:18 PM.

#11 Gabriel1 (Member, Topic Starter, 156 posts)
Alrighty. Took 2 hours only. Pretty quick.

Here's the Avast report:

11/11/2013 21:19
Scan of all local drives

File C:\Users\Juan\Desktop\black blue 4\1.EXTRAS\ThemeResourceChanger\ThemeResourceChangerX64-v10.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Juan\Desktop\black blue 4\1.EXTRAS\ThemeResourceChanger\ThemeResourceChangerX86-v10.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Juan\Desktop\black seven original\1.EXTRAS\ThemeResourceChangerX64-v10.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Juan\Desktop\black seven original\1.EXTRAS\ThemeResourceChangerX86-v10.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Juan\Desktop\windows 7 themes alien tech (red)\windows 7 themes alien tech (red)..exe|>AutoPlay\Docs\ThemeResourceChangerX64-v10.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Juan\Desktop\windows 7 themes alien tech (red)\windows 7 themes alien tech (red)..exe|>AutoPlay\Docs\ThemeResourceChangerX86-v10.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Juan\Downloads\Windows 7 Home Premium x64 (64-bit) (ISO) UNTOUCHED\Windows Loader v1.9.2 - By Daz\Windows Loader.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\FINAL FANTASY VII\FF7_Launcher.exe is infected by Win32:PatchDll-A [PUP], Moved to chest
File F:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NH4NB3S\vfnxyrtrxc-2011-gop-presidential-debate[1].txt is infected by JS:ScriptIP-inf [Trj], Moved to chest
File F:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9OCW7D0\lzhfqgznvn-the-biggest-threat-to-our-national-security-is-our-financial-condition[1].txt is infected by JS:ScriptIP-inf [Trj], Moved to chest
File F:\Users\Efrain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7HNLZ22\OnlineScanner[1].cab|>OnlineCmdLineScanner.exe Error 42127 {CAB archive is corrupted.}
File F:\Users\Efrain\AppData\LocalLow\Google\GoogleEarth\webdata\f_000045|>sv.kml Error 42125 {ZIP archive is corrupted.}
File F:\Users\Efrain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1fe6b2f-602a93eb|>main.class is infected by Java:CVE-2012-4681-HX [Expl], Moved to chest
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%AppData%\Microsoft\Office\Groove12.pip Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%Common AppData%\Microsoft\OFFICE\DATA\OPA12.BAK Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%Common AppData%\Microsoft\OFFICE\DocumentRepository.ico Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%Common AppData%\Microsoft\OFFICE\MySite.ico Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%Common Programs%\Microsoft Office\Microsoft Office Excel 2007.lnk Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%Common Programs%\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%Common Programs%\Microsoft Office\Microsoft Office Word 2007.lnk Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%Program Files Common%\Microsoft Shared\GRPHFLT\MS.GIF Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word\Microsoft Word 2007.exe|>FS\%Program Files Common%\Microsoft Shared\GRPHFLT\MS.JPG Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%AppData%\Microsoft\Office\Groove12.pip Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%Common AppData%\Microsoft\OFFICE\DATA\OPA12.BAK Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%Common AppData%\Microsoft\OFFICE\DocumentRepository.ico Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%Common AppData%\Microsoft\OFFICE\MySite.ico Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%Common Programs%\Microsoft Office\Microsoft Office Excel 2007.lnk Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%Common Programs%\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%Common Programs%\Microsoft Office\Microsoft Office Word 2007.lnk Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%Program Files Common%\Microsoft Shared\GRPHFLT\MS.GIF Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%Program Files Common%\Microsoft Shared\GRPHFLT\MS.JPG Error 42145 {Installer archive is corrupted.}
File F:\Users\Efrain\Desktop\Prison.Break.S01-S04.COMPLETE.DVDRiP.XviD-iPT\Prison.Break.S01.DVDRiP.XviD-MiXEDGRPS\Prison.Break.S01E15.DVDRip.XviD-TOPAZ\tpz-pbreak115.rar|>Prison.Break.S01E15.DVDRip.XviD-TOPAZ.avi Error 42126 {RAR archive is corrupted.}
File F:\Users\Efrain\Downloads\Windows 7 Home Premium x64 (64-bit) (ISO) UNTOUCHED\Windows Loader v1.9.2 - By Daz\Windows Loader.exe is infected by Win32:PUP-gen [PUP], Moved to chest
Number of searched folders: 47191
Number of tested files: 621654
Number of infected files: 12
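An added example (not part of the thread and not Avast's code): a short Python parser for the aswBoot.txt report format shown above. It separates real detections from the Error 42xxx lines, which mean the archive was corrupt and its contents were never scanned, ranks the hits by Avast's bracketed category (the [Expl] Java cache entry and the [Trj] script-cache entries are the ones that matter for an intrusion; the cracked-installer [PUP] hits are noise), and cross-checks its own count against the scanner's "Number of infected files" line. The sample text is a subset of the report above, with that summary line adjusted to the subset; the severity mapping is my own rule of thumb, not an Avast convention.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a subset of the Avast boot-time report lines posted above.
# The "Number of infected files" summary is adjusted to this subset (the full report says 12).
SAMPLE_REPORT = r"""11/11/2013 21:19
Scan of all local drives

File C:\Users\Juan\Desktop\black blue 4\1.EXTRAS\ThemeResourceChanger\ThemeResourceChangerX64-v10.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Juan\Downloads\Windows 7 Home Premium x64 (64-bit) (ISO) UNTOUCHED\Windows Loader v1.9.2 - By Daz\Windows Loader.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NH4NB3S\vfnxyrtrxc-2011-gop-presidential-debate[1].txt is infected by JS:ScriptIP-inf [Trj], Moved to chest
File F:\Users\Efrain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1fe6b2f-602a93eb|>main.class is infected by Java:CVE-2012-4681-HX [Expl], Moved to chest
File F:\Users\Efrain\AppData\LocalLow\Google\GoogleEarth\webdata\f_000045|>sv.kml Error 42125 {ZIP archive is corrupted.}
File F:\Users\Efrain\Desktop\Stuff\Excel & Word.rar|>Excel & Word\Microsoft Word 2007.exe|>FS\%AppData%\Microsoft\Office\Groove12.pip Error 42145 {Installer archive is corrupted.}
Number of searched folders: 47191
Number of tested files: 621654
Number of infected files: 4
"""

# Avast writes archive members as outer|>inner; the outer path is the file actually on disk.
DETECTION_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>\S+?)(?: \[(?P<cat>[^\]]+)\])?, (?P<action>.+)$")
ERROR_RE = re.compile(r"^File (?P<path>.+?) Error (?P<code>\d+) \{(?P<msg>[^}]*)\}$")
SUMMARY_RE = re.compile(r"^Number of (?P<what>.+?): (?P<n>\d+)$")

# Rough severity by Avast's bracketed category (my rule of thumb); generic "-gen" heuristic
# names carry no category and are left as medium.
SEVERITY = {"Expl": "high", "Trj": "high", "PUP": "low"}


@dataclass
class Detection:
    path: str
    name: str
    category: Optional[str]
    action: str

    @property
    def container(self) -> str:
        return self.path.split("|>")[0]

    @property
    def severity(self) -> str:
        return SEVERITY.get(self.category or "", "medium")


@dataclass
class ScanError:
    path: str
    code: int
    message: str

    @property
    def container(self) -> str:
        return self.path.split("|>")[0]


def parse_report(text: str) -> Tuple[List[Detection], List[ScanError], Dict[str, int]]:
    """Split an aswBoot.txt-style report into detections, scan errors and the summary counters."""
    detections, errors, summary = [], [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := DETECTION_RE.match(line):
            detections.append(Detection(m["path"], m["name"], m["cat"], m["action"]))
        elif m := ERROR_RE.match(line):
            errors.append(ScanError(m["path"], int(m["code"]), m["msg"]))
        elif m := SUMMARY_RE.match(line):
            summary[m["what"]] = int(m["n"])
    return detections, errors, summary


def summarize(text: str) -> dict:
    """Triage view: what was found, how bad it is, and what the scanner could not open."""
    detections, errors, summary = parse_report(text)
    reported = summary.get("infected files")
    return {
        "by_name": dict(Counter(d.name for d in detections)),
        "by_severity": dict(Counter(d.severity for d in detections)),
        # On-disk files behind the exploit/trojan hits, rather than cracks and PUPs.
        "high": sorted(d.container for d in detections if d.severity == "high"),
        # Containers Avast could not unpack: their contents were NOT scanned.
        "unscanned_containers": sorted({e.container for e in errors}),
        # Cross-check the parser against the scanner's own counter.
        "count_matches_summary": reported is not None and reported == len(detections),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run it on a full aswBoot.txt and look at "unscanned_containers" first: a corrupt installer or RAR that Avast skipped is a file nobody has actually looked inside, and on this report those are all on the old F: drive.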

#12 RKinner (Malware Expert, MVP, 24,625 posts)
That was quick. Looks like it did find some stuff. I think you are probably OK now. I should mention that using the on-screen keyboard does not necessarily fool a keylogger. They also monitor the TCP/IP traffic using WinPcap. (We removed WinPcap from yours. WinPcap is not really malware, just a free utility to monitor packets. It is used in a lot of legit programs, but if it's not in the install list then it was installed by malware so needs to go.)

Unless you see other problems I think we are done and can clean up

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Pause your anti-virus; Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator. Then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, change it to not run at startup and run it manually once a week.

It seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it: click on the up arrow to the left of the clock, then click on Customize. Maximize the window so you can see all of the options. Scroll down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking, then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.

(Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings, then on Results. Change Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK.)

You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions; there is an option under Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it, so I right click on the icon and Customize Results, then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.

If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on. Go to adblockplus.org with each browser and get the add-on.

If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox. Hit Optimize. You can run it any time that Chrome/Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works.


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
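As an added example, not code from the thread or from OTL, ComboFix or any other tool named in it: a read-only PowerShell script that checks the items Ron's post above asks the user to verify after cleanup (that WinPcap's NPF driver is really gone, that no Java runtime older than 7 Update 25 remains, that Adobe Reader's JavaScript is off, that hidden files are hidden again and that the Windows Update service is running). It only reports, it changes nothing. It assumes the standard Uninstall, Explorer Advanced and Services registry locations, and that Adobe Reader stores the "Enable Acrobat JavaScript" checkbox in the per-version JSPrefs\bEnableJS value (0 = disabled); that last key name is an assumption about Reader's preference layout.

```powershell
# Added example for this thread (not from Geeks to Go, OTL, ComboFix or any
# other tool named above): a read-only check of the items Ron's post asks the
# user to verify. It reports; it changes nothing.
# Assumed: standard Uninstall/Explorer/Services registry paths, and Adobe
# Reader's per-version JSPrefs\bEnableJS value (0 = JavaScript disabled).

function Get-InstalledProgram {
    # Installed programs as Control Panel > Programs and Features lists them
    # (64-bit, 32-bit and per-user uninstall keys).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion
}

function Test-WinPcapRemnant {
    # WinPcap was removed because it was not on the install list; confirm the
    # NPF packet driver, its driver file and its uninstall entry are gone.
    $found = @()
    if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NPF') {
        $found += 'NPF driver service key still registered'
    }
    $drv = Join-Path $env:SystemRoot 'System32\drivers\npf.sys'
    if (Test-Path $drv) { $found += "driver file still present: $drv" }
    Get-InstalledProgram | Where-Object { $_.DisplayName -match 'WinPcap' } |
        ForEach-Object { $found += "uninstall entry still present: $($_.DisplayName)" }
    if ($found.Count -eq 0) { $found += 'no WinPcap remnants found' }
    return $found
}

function Test-OldJava {
    # Flag any Java runtime older than 7 Update 25, the floor the post sets.
    # The version is read from the DisplayName ("Java 7 Update 25"); entries
    # whose name carries no version are listed for manual review.
    $names = 'Java|J2RE|J2SE|JRE|JVM|Runtime Environment|Virtual Machine'
    $report = @()
    foreach ($p in (Get-InstalledProgram | Where-Object { $_.DisplayName -match $names })) {
        if ($p.DisplayName -match '(\d+)\s+Update\s+(\d+)') {
            $major = [int]$matches[1]; $update = [int]$matches[2]
            $old = ($major -lt 7) -or ($major -eq 7 -and $update -lt 25)
            if ($old) { $verdict = 'OLD - uninstall' } else { $verdict = 'current' }
        } else {
            $verdict = 'version not in name - check manually'
        }
        $report += "$($p.DisplayName) [$($p.DisplayVersion)]: $verdict"
    }
    if ($report.Count -eq 0) { $report += 'no Java runtimes installed' }
    return $report
}

function Test-AdobeReaderJavaScript {
    # Edit > Preferences > JavaScript > "Enable Acrobat JavaScript" is assumed
    # to be stored as HKCU\...\Acrobat Reader\<version>\JSPrefs\bEnableJS.
    $report = @()
    $versions = Get-ChildItem 'HKCU:\Software\Adobe\Acrobat Reader' -ErrorAction SilentlyContinue
    foreach ($v in $versions) {
        $js = Get-ItemProperty -Path "$($v.PSPath)\JSPrefs" -Name bEnableJS -ErrorAction SilentlyContinue
        if ($null -eq $js)            { $state = 'not set (Reader default is enabled)' }
        elseif ($js.bEnableJS -eq 0)  { $state = 'disabled' }
        else                          { $state = 'ENABLED - disable it' }
        $report += "Adobe Reader $($v.PSChildName): JavaScript $state"
    }
    if ($report.Count -eq 0) { $report += 'no Adobe Reader preferences found' }
    return $report
}

function Test-ExplorerAndUpdates {
    # "Hide hidden files again": Explorer Advanced\Hidden = 1 means shown,
    # ShowSuperHidden = 1 means protected OS files are shown.
    # Windows Update: the wuauserv service should be running, automatic start.
    $report = @()
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    if ($adv.Hidden -eq 1) { $report += 'Hidden files: SHOWN' } else { $report += 'Hidden files: hidden' }
    if ($adv.ShowSuperHidden -eq 1) { $report += 'Protected OS files: SHOWN' } else { $report += 'Protected OS files: hidden' }
    $wu = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
    $report += "Windows Update service: state=$($wu.State) start=$($wu.StartMode)"
    return $report
}

function Invoke-PostCleanupCheck {
    $sections = @(
        @{ Title = 'WinPcap remnants';          Lines = (Test-WinPcapRemnant) },
        @{ Title = 'Java runtimes';             Lines = (Test-OldJava) },
        @{ Title = 'Adobe Reader JavaScript';   Lines = (Test-AdobeReaderJavaScript) },
        @{ Title = 'Explorer / Windows Update'; Lines = (Test-ExplorerAndUpdates) }
    )
    foreach ($s in $sections) {
        Write-Host "== $($s.Title) =="
        $s.Lines | ForEach-Object { Write-Host "  $_" }
    }
}

Invoke-PostCleanupCheck
```

Run it from an elevated PowerShell prompt so the HKLM keys and the driver folder are readable. Anything it lists as still present or ENABLED is a step from the post that has not taken effect yet; the script deliberately makes no changes itself, so the fixes are still done through the UI steps Ron describes.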

#13
Gabriel1

    Member

  • Topic Starter
  • Member
  • 156 posts
Thanks so much for all your help! Just the nature of a keylogger is extremely scary so I hope it's gone. I'll definitely be donating!

#14
Gabriel1

    Member

  • Topic Starter
  • Member
  • 156 posts
Hey, I just got a call from Citibank that someone from the UK logged into my account. Do you think they still have access to my info or is this just residuals?

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Depends on when you changed the password to that account. If you changed it before we finished then it is because the keylogger wasn't fooled by your on screen keyboard.