Virus/Malware plays a weird sound at random intervals

Solved
By jadariin
Nov 5, 2011
  1. This started 2 days ago and my computer plays a weird sound reminiscent of a StarCraft sound bite at random intervals. At first I thought it was a messenger alert tone but I've muted every single one of them including Steam/Origin/etc. but the sound is still there. I've tried every malware/spyware/virus remover I've had but still to no avail. The sound is still there. It's tolerable but the idea of having a virus/spyware in my computer gives me a scare since I use this PC for banking and other personal stuff and prompted me to change all my passwords. Can you please help me?


    LOGS


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8089

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    11/6/2011 7:31:38 AM
    mbam-log-2011-11-06 (07-31-38).txt

    Scan type: Quick scan
    Objects scanned: 169096
    Time elapsed: 1 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Start (Disabled.Cryptsvc) -> Bad: (4) Good: (2) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-06 07:45:27
    Windows 6.1.7601 Service Pack 1
    Running: few7wolv.exe


    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\snx_rhive 262144 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG1 148480 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
    File C:\## aswSnx private storage\snx_rhive{2270c1f8-0799-11e1-9904-002522183aa8}.TM.blf 65536 bytes
    File C:\## aswSnx private storage\snx_rhive{2270c1f8-0799-11e1-9904-002522183aa8}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\snx_rhive{2270c1f8-0799-11e1-9904-002522183aa8}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\webStorage 0 bytes
    File C:\## aswSnx private storage\webStorage\attrib 0 bytes
    File C:\## aswSnx private storage\webStorage\image 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-3218E401.pf 16580 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\IEXPLORE.EXE-BC8A94AF.pf 16140 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\PEV.3XE-49CBEEB9.pf 16012 bytes
    File C:\## aswSnx private storage\webStorage\snx_fs.dat 740 bytes

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Jaime at 7:46:11 on 2011-11-06
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jaime\AppData\Roaming\Mozilla\Firefox\Profiles\g4am3xke.default\
    FF - component: C:\Users\Jaime\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - C:\Users\Jaime\AppData\Roaming\IDM\idmmzcc3
    FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2011-11-05 12:08:14 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-11-05 12:08:14 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-11-05 10:29:11 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-11-05 10:29:07 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2011-11-05 10:28:19 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2011-11-05 10:27:31 -------- d-----w- C:\Program Files\ATI Technologies
    2011-11-05 09:09:43 -------- d-----w- C:\Users\Jaime\AppData\Roaming\Malwarebytes
    2011-11-05 09:07:14 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-05 09:07:11 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-11-05 09:07:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-05 08:29:39 -------- d-----w- C:\Windows\pss
    2011-11-05 08:09:11 -------- d-----w- C:\Program Files (x86)\Smart Virus Remover
    2011-11-05 03:56:04 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-11-05 00:50:57 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-11-05 00:26:37 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-11-05 00:26:19 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-11-04 15:24:37 -------- d-----w- C:\Program Files\Ragnarok Online
    2011-11-03 23:49:47 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2011-10-31 06:55:07 -------- d--h--w- C:\Windows\msdownld.tmp
    2011-10-31 06:55:07 -------- d-----w- C:\Windows\SysWow64\directx
    2011-10-31 06:54:57 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.8
    2011-10-29 23:18:40 -------- d-----w- C:\Program Files (x86)\uTorrent
    2011-10-29 23:18:17 -------- d-----w- C:\Users\Jaime\AppData\Roaming\uTorrent
    2011-10-29 23:18:17 -------- d-----w- C:\Users\Jaime\AppData\Local\uTorrent
    2011-10-28 10:32:29 -------- d-----w- C:\Users\Jaime\AppData\Local\ESN Sonar
    2011-10-27 22:17:49 -------- d-----w- C:\Program Files\AntiFreeze
    2011-10-27 21:53:00 -------- d-----w- C:\Program Files (x86)\AnVir Task Manager Free
    2011-10-27 21:52:52 -------- d-----w- C:\Users\Jaime\AppData\Local\AnVir
    2011-10-27 13:53:26 -------- d-----w- C:\Users\Jaime\AppData\Local\ODUI
    2011-10-27 13:53:16 -------- d-----w- C:\Users\Jaime\AppData\Roaming\Stardock
    2011-10-27 13:53:11 -------- d-----w- C:\Users\Jaime\AppData\Local\Stardock
    2011-10-27 13:53:07 -------- dc-h--w- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
    2011-10-27 13:53:05 -------- d-----w- C:\Program Files (x86)\Stardock
    2011-10-27 13:52:55 -------- d-----w- C:\Users\Jaime\AppData\Local\PackageAware
    2011-10-27 04:48:54 -------- d-----w- C:\Users\Jaime\AppData\Roaming\Mumble
    2011-10-27 04:42:23 -------- d-----w- C:\Program Files (x86)\Mumble
    2011-10-27 03:23:23 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
    2011-10-27 03:23:23 -------- d-----w- C:\Program Files\CPUID
    2011-10-26 13:26:10 -------- d-----w- C:\Users\Jaime\AppData\Local\SKIDROW
    2011-10-26 13:21:51 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
    2011-10-26 12:59:02 -------- d-----w- C:\Program Files (x86)\Black_Box
    2011-10-26 04:31:25 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
    2011-10-26 04:23:22 -------- d-----w- C:\ProgramData\Nero
    2011-10-26 04:23:22 -------- d-----w- C:\Program Files (x86)\Nero
    2011-10-26 04:18:45 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2011-10-26 03:51:07 -------- d-----w- C:\Windows\Panther
    2011-10-26 03:06:44 -------- d-----w- C:\Windows.old
    2011-10-26 00:08:42 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
    2011-10-26 00:02:26 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-10-26 00:02:22 -------- d-----w- C:\Users\Jaime\AppData\Local\PunkBuster
    2011-10-26 00:02:05 -------- d-----w- C:\ProgramData\EA Core
    2011-10-26 00:00:12 450048 ----a-w- C:\Windows\System32\drivers\rtl8187B.sys
    2011-10-26 00:00:12 448512 ----a-w- C:\Windows\System32\drivers\rtl8187.sys
    2011-10-26 00:00:10 614400 ----a-w- C:\Windows\SysWow64\Rtlihvs.dll
    2011-10-26 00:00:10 380928 ----a-w- C:\Windows\RtlUI2.exe
    2011-10-26 00:00:10 188416 ----a-w- C:\Windows\SysWow64\RTLExtUI.dll
    2011-10-26 00:00:09 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
    2011-10-26 00:00:09 -------- d-----w- C:\Program Files (x86)\REALTEK
    2011-10-25 23:10:58 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
    2011-10-25 23:10:34 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-10-25 23:10:34 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-10-25 23:10:30 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-10-25 22:26:11 -------- d-----w- C:\Users\Jaime\AppData\Roaming\Origin
    2011-10-25 22:26:10 -------- d-----w- C:\Users\Jaime\AppData\Local\Origin
    2011-10-25 22:26:02 -------- d-----w- C:\ProgramData\Origin
    2011-10-25 22:26:01 -------- d-----w- C:\ProgramData\Electronic Arts
    2011-10-25 22:26:01 -------- d-----w- C:\Program Files (x86)\Origin Games
    2011-10-25 22:25:52 -------- d-----w- C:\Program Files (x86)\Origin
    2011-10-25 22:20:59 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-10-25 22:20:59 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-10-25 22:20:54 41184 ----a-w- C:\Windows\avastSS.scr
    2011-10-25 14:35:55 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-25 14:00:23 -------- d-----w- C:\Users\Jaime\AppData\Local\Google
    2011-10-25 13:58:25 -------- d-----w- C:\ProgramData\AVAST Software
    2011-10-25 13:58:24 -------- d-----w- C:\Program Files\AVAST Software
    2011-10-25 13:56:22 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2011-10-25 13:56:21 -------- d-----w- C:\Program Files (x86)\Steam
    2011-10-25 13:29:38 -------- d-----w- C:\Program Files (x86)\ACD Systems
    2011-10-25 13:22:29 601088 ----a-w- C:\Windows\System32\VMAPO64.DLL
    2011-10-25 13:21:54 414632 ------w- C:\Windows\difxapi.dll
    2011-10-25 13:21:54 -------- d-----w- C:\Program Files (x86)\VIA
    2011-10-25 13:21:04 -------- d-----w- C:\Users\Jaime\AppData\Local\AMD
    2011-10-25 13:20:24 -------- d-----w- C:\Users\Jaime\AppData\Local\ATI
    2011-10-25 13:18:39 0 ----a-w- C:\Windows\ativpsrm.bin
    2011-10-25 13:04:33 -------- d-----w- C:\ProgramData\AMD
    2011-10-25 13:04:13 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
    2011-10-25 12:58:56 -------- d-----w- C:\Program Files\ATI
    2011-10-25 12:51:58 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2011-10-25 12:51:18 -------- d-sh--w- C:\Windows\Installer
    2011-10-25 12:50:32 702976 ----a-r- C:\Windows\System32\cohelper.dll
    2011-10-25 12:50:32 5940 ----a-r- C:\Windows\System32\drivers\nvphy.bin
    2011-10-25 12:50:29 899584 ----a-w- C:\Windows\System32\fdco1.dll
    2011-10-25 12:50:29 339360 ----a-w- C:\Windows\System32\drivers\nvmf6264.sys
    2011-10-25 12:50:29 159232 ----a-w- C:\Windows\System32\nvconrm.dll
    2011-10-25 12:50:22 506400 ----a-w- C:\Windows\System32\NVUNINST.EXE
    2011-10-25 12:47:23 -------- d-----w- C:\Users\Jaime\AppData\Local\VirtualStore
    2011-10-25 12:43:13 -------- d-sh--w- C:\Recovery
    2011-10-25 11:04:23 -------- d-sh--w- C:\Boot
    2011-10-22 00:18:52 -------- d-----w- C:\AMD
    2011-10-19 14:14:52 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-10-19 02:33:15 -------- d-----w- C:\ATI
    2011-10-07 05:21:40 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-10-07 03:47:08 24996864 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-10-07 03:33:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-10-07 03:33:44 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-07 03:32:12 867328 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-10-07 03:29:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-10-07 03:29:10 487936 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-10-07 03:28:34 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-10-07 03:27:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-10-07 03:27:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-10-07 03:26:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-07 03:26:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-07 03:26:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-10-07 03:26:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-10-07 03:26:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-07 03:25:04 18836992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-07 03:23:22 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-07 03:12:56 4960768 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-10-07 03:01:18 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-07 02:54:32 5431808 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-10-07 02:53:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-10-07 02:53:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-07 02:52:58 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-10-07 02:52:56 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-07 02:52:46 9809920 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-10-07 02:49:02 8390656 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-07 02:46:48 479744 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-10-07 02:46:40 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-07 02:46:26 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-10-07 02:46:22 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-07 02:46:22 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-10-07 02:46:18 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-10-07 02:46:10 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-07 02:46:02 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-10-07 02:45:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-10-07 02:45:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-07 02:45:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-10-07 02:44:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-07 02:44:18 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-10-07 02:43:32 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-10-07 02:42:56 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-07 02:42:44 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-10-07 02:31:52 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-07 02:22:22 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-10-07 02:14:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-10-07 02:14:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-10-07 02:14:00 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-07 02:14:00 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    .
    ==================== Find3M ====================
    .
    2011-10-06 14:30:54 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2011-10-06 14:30:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2011-10-06 14:30:36 16787456 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-10-06 14:29:54 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-10-06 14:29:04 51200 ----a-w- C:\Windows\System32\OpenCL.dll
    2011-10-06 14:29:00 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    .
    ============= FINISH: 7:47:57.82 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    ACDSee Trial Version
    Ad-Aware
    Adobe Flash Player 10 Plugin
    AMD VISION Engine Control Center
    AnVir Task Manager Free
    avast! Free Antivirus
    Battlefield 3™
    Battlelog Web Plugins
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    DC Universe Online
    ESN Sonar
    Google Chrome
    Google Update Helper
    HydraVision
    Internet Download Manager
    LightScribe System Software
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox (3.5.6)
    Mumble 1.2.3
    Nero 8 Essentials
    neroxml
    NVIDIA ForceWare Network Access Manager
    ObjectDock Free
    Origin
    PCSX2 - Playstation 2 Emulator
    Platform
    PunkBuster Services
    REALTEK Wireless LAN Driver and Utility
    Spybot - Search & Destroy
    Steam
    VCRedistSetup
    VIA Platform Device Manager
    VLC media player 1.1.11
    WinRAR archiver
    .
    ==== End Of File ===========================
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. jadariin

    Ok done. Will update if I hear the sound again. Here are the logs :)


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-06 09:40:39
    -----------------------------
    09:40:39.825 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:40:39.825 Number of processors: 4 586 0x403
    09:40:39.825 ComputerName: JAIME-PC UserName: Jaime
    09:40:41.012 Initialize success
    09:40:41.528 AVAST engine defs: 11110503
    09:40:42.559 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
    09:40:42.559 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    09:40:44.622 Disk 0 MBR read successfully
    09:40:44.622 Disk 0 MBR scan
    09:40:44.622 Disk 0 Windows 7 default MBR code
    09:40:44.637 Service scanning
    09:40:46.985 Modules scanning
    09:40:46.985 Disk 0 trace - called modules:
    09:40:47.001 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
    09:40:47.001 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800474b060]
    09:40:47.001 3 CLASSPNP.SYS[fffff8800196743f] -> nt!IofCallDriver -> [0xfffffa800365cab0]
    09:40:47.001 5 ACPI.sys[fffff88000e7d7a1] -> nt!IofCallDriver -> \Device\00000067[0xfffffa80037d9060]
    09:40:47.313 AVAST engine scan C:\Windows
    09:40:51.129 AVAST engine scan C:\Windows\system32
    09:42:06.630 AVAST engine scan C:\Windows\system32\drivers
    09:42:14.630 AVAST engine scan C:\Users\Jaime
    09:44:16.406 AVAST engine scan C:\ProgramData
    09:44:44.751 Scan finished successfully
    09:46:29.844 Disk 0 MBR has been saved successfully to "C:\Users\Jaime\Documents\SHOW THESE\next\MBR.dat"
    09:46:29.844 The log file has been saved successfully to "C:\Users\Jaime\Documents\SHOW THESE\next\aswMBR.txt"


    ComboFix 11-11-05.03 - Jaime 11/06/2011 9:57.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.63.1033.18.4095.1803 [GMT 8:00]
    Running from: c:\users\Jaime\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Jaime\AppData\Local\Temp\7zS692E\HPSLPSVC64.DLL
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\install.js
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\install.rdf
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
    c:\users\Jaime\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
    c:\users\Jaime\Desktop\Smart Virus Remover.lnk
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_HPSLPSVC
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-06 02:03 . 2011-11-06 02:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-05 12:08 . 2011-11-05 22:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-11-05 12:08 . 2011-11-05 12:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-05 10:31 . 2011-11-05 10:31 -------- d-----w- c:\programdata\ATI
    2011-11-05 10:29 . 2011-11-05 10:29 -------- d-----w- c:\program files (x86)\AMD APP
    2011-11-05 10:29 . 2011-11-05 10:29 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2011-11-05 10:28 . 2011-11-05 10:28 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2011-11-05 10:27 . 2011-11-05 10:28 -------- d-----w- c:\program files\ATI Technologies
    2011-11-05 09:07 . 2011-11-05 09:07 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-05 09:07 . 2011-11-05 09:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-05 09:07 . 2011-08-31 09:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-05 08:09 . 2011-11-05 08:09 -------- d-----w- c:\program files (x86)\Smart Virus Remover
    2011-11-05 03:56 . 2011-11-05 00:50 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-05 00:50 . 2011-11-05 00:50 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-05 00:26 . 2011-11-05 00:26 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-11-05 00:26 . 2011-11-03 04:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-11-05 00:26 . 2011-11-05 00:26 -------- d-----w- c:\program files (x86)\Lavasoft
    2011-11-05 00:26 . 2011-11-05 00:26 -------- d-----w- c:\programdata\Lavasoft
    2011-11-04 15:24 . 2011-11-05 03:56 -------- d-----w- c:\program files\Ragnarok Online
    2011-11-03 23:49 . 2011-11-05 10:29 -------- d-----w- c:\program files (x86)\ATI Technologies
    2011-10-31 06:55 . 2011-10-31 06:55 -------- d--h--w- c:\windows\msdownld.tmp
    2011-10-31 06:54 . 2011-10-31 06:55 -------- d-----w- c:\program files (x86)\PCSX2 0.9.8
    2011-10-29 23:18 . 2011-10-29 23:18 -------- d-----w- c:\program files (x86)\uTorrent
    2011-10-27 22:17 . 2011-10-27 22:17 -------- d-----w- c:\program files\AntiFreeze
    2011-10-27 21:53 . 2011-10-27 21:53 -------- d-----w- c:\program files (x86)\AnVir Task Manager Free
    2011-10-27 13:53 . 2011-10-27 13:53 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
    2011-10-27 13:53 . 2011-10-27 13:53 -------- d-----w- c:\program files (x86)\Stardock
    2011-10-27 04:42 . 2011-10-27 04:42 -------- d-----w- c:\program files (x86)\Mumble
    2011-10-27 03:23 . 2011-10-27 03:23 -------- d-----w- c:\program files\CPUID
    2011-10-27 03:23 . 2010-11-09 07:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
    2011-10-26 13:21 . 2011-10-26 13:21 -------- d-----w- c:\program files (x86)\Bethesda Softworks
    2011-10-26 12:59 . 2011-10-26 13:27 -------- d-----w- c:\program files (x86)\Black_Box
    2011-10-26 04:31 . 2011-10-26 04:31 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
    2011-10-26 04:26 . 2011-10-26 04:26 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
    2011-10-26 04:23 . 2011-10-26 04:25 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2011-10-26 04:23 . 2011-10-26 04:23 -------- d-----w- c:\programdata\Nero
    2011-10-26 04:23 . 2011-10-26 04:23 -------- d-----w- c:\program files (x86)\Nero
    2011-10-26 04:18 . 2011-10-26 04:18 -------- d-----w- c:\program files (x86)\VideoLAN
    2011-10-26 03:51 . 2011-10-25 12:44 -------- d-----w- c:\windows\Panther
    2011-10-26 03:06 . 2011-10-25 14:05 -------- d-----w- C:\Windows.old
    2011-10-26 00:08 . 2011-11-04 15:18 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
    2011-10-26 00:02 . 2011-11-05 04:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-10-26 00:02 . 2011-10-26 00:02 -------- d-----w- c:\programdata\EA Core
    2011-10-26 00:00 . 2010-03-31 03:10 450048 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
    2011-10-26 00:00 . 2010-01-07 03:20 448512 ----a-w- c:\windows\system32\drivers\rtl8187.sys
    2011-10-26 00:00 . 2009-04-02 02:27 188416 ----a-w- c:\windows\SysWow64\RTLExtUI.dll
    2011-10-26 00:00 . 2009-03-31 06:31 380928 ----a-w- c:\windows\RtlUI2.exe
    2011-10-26 00:00 . 2008-07-01 04:31 614400 ----a-w- c:\windows\SysWow64\Rtlihvs.dll
    2011-10-26 00:00 . 2011-10-26 00:00 -------- d-----w- c:\program files (x86)\REALTEK
    2011-10-26 00:00 . 2010-12-01 01:31 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
    2011-10-25 23:10 . 2011-10-25 23:10 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
    2011-10-25 23:10 . 2011-11-05 04:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-10-25 23:10 . 2011-11-05 00:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-10-25 23:10 . 2011-10-26 01:37 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-10-25 22:26 . 2011-10-26 00:01 -------- d-----w- c:\programdata\Origin
    2011-10-25 22:26 . 2011-10-26 00:02 -------- d-----w- c:\programdata\Electronic Arts
    2011-10-25 22:26 . 2011-10-25 22:47 -------- d-----w- c:\program files (x86)\Origin Games
    2011-10-25 22:25 . 2011-10-25 22:37 -------- d-----w- c:\program files (x86)\Origin
    2011-10-25 22:21 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-10-25 22:21 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-10-25 22:20 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-25 22:20 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-10-25 22:20 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-10-25 22:20 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-10-25 22:20 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-25 22:20 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-10-25 14:35 . 2011-10-25 14:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-25 14:35 . 2011-10-25 14:35 -------- d-----w- c:\windows\SysWow64\Macromed
    2011-10-25 14:00 . 2011-10-25 14:40 -------- d-----w- c:\program files (x86)\Google
    2011-10-25 14:00 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-10-25 13:58 . 2011-10-25 22:20 -------- d-----w- c:\programdata\AVAST Software
    2011-10-25 13:58 . 2011-10-25 13:58 -------- d-----w- c:\program files\AVAST Software
    2011-10-25 13:56 . 2011-11-05 07:53 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2011-10-25 13:56 . 2011-11-06 01:15 -------- d-----w- c:\program files (x86)\Steam
    2011-10-25 13:29 . 2011-10-25 13:29 -------- d-----w- c:\program files (x86)\ACD Systems
    2011-10-25 13:27 . 2011-10-25 13:28 -------- d-----w- c:\program files (x86)\Internet Download Manager
    2011-10-25 13:21 . 2011-10-25 14:22 -------- d-----w- c:\program files (x86)\VIA
    2011-10-25 13:21 . 2007-04-11 07:35 414632 ------w- c:\windows\difxapi.dll
    2011-10-25 13:21 . 2011-10-25 13:21 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
    2011-10-25 13:18 . 2011-10-25 13:18 0 ----a-w- c:\windows\ativpsrm.bin
    2011-10-25 13:04 . 2011-11-05 10:28 -------- d-----w- c:\programdata\AMD
    2011-10-25 13:04 . 2010-02-18 01:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
    2011-10-25 12:58 . 2011-10-25 12:58 -------- d-----w- c:\program files\ATI
    2011-10-25 12:52 . 2011-10-26 00:00 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
    2011-10-25 12:51 . 2011-10-25 12:51 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-10-25 12:51 . 2011-11-05 10:29 -------- d-sh--w- c:\windows\Installer
    2011-10-25 12:50 . 2009-04-30 04:46 702976 ----a-r- c:\windows\system32\cohelper.dll
    2011-10-25 12:50 . 2009-04-28 21:27 5940 ----a-r- c:\windows\system32\drivers\nvphy.bin
    2011-10-25 12:50 . 2009-04-30 05:06 339360 ----a-w- c:\windows\system32\drivers\nvmf6264.sys
    2011-10-25 12:50 . 2009-04-30 04:46 899584 ----a-w- c:\windows\system32\fdco1.dll
    2011-10-25 12:50 . 2009-04-28 16:46 159232 ----a-w- c:\windows\system32\nvconrm.dll
    2011-10-25 12:50 . 2009-04-26 01:32 506400 ----a-w- c:\windows\system32\NVUNINST.EXE
    2011-10-25 12:44 . 2011-10-25 13:56 -------- d-----w- c:\users\Jaime
    2011-10-25 12:43 . 2011-10-25 12:43 -------- d-----w- C:\Recovery
    2011-10-25 11:04 . 2011-10-26 03:50 -------- d-----w- C:\Boot
    2011-10-22 00:18 . 2011-10-25 12:55 -------- d-----w- C:\AMD
    2011-10-19 14:14 . 2011-10-19 14:14 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-10-19 02:33 . 2011-10-19 02:33 -------- d-----w- C:\ATI
    2011-10-07 05:21 . 2011-10-07 05:21 10207232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-10-07 03:47 . 2011-10-07 03:47 24996864 ----a-w- c:\windows\system32\atio6axx.dll
    2011-10-07 03:33 . 2011-10-07 03:33 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-10-07 03:33 . 2011-10-07 03:33 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-10-07 03:32 . 2011-10-07 03:32 867328 ----a-w- c:\windows\system32\aticfx64.dll
    2011-10-07 03:29 . 2011-10-07 03:29 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-10-07 03:29 . 2011-10-07 03:29 487936 ----a-w- c:\windows\system32\atieclxx.exe
    2011-10-07 03:28 . 2011-10-07 03:28 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-10-07 03:27 . 2011-10-07 03:27 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-10-07 03:27 . 2011-10-07 03:27 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-10-07 03:26 . 2011-10-07 03:26 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-10-07 03:26 . 2011-10-07 03:26 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-10-07 03:26 . 2011-10-07 03:26 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-10-07 03:26 . 2011-10-07 03:26 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-10-07 03:26 . 2011-10-07 03:26 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-10-07 03:25 . 2011-10-07 03:25 18836992 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-10-07 03:23 . 2011-10-07 03:23 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-10-07 03:12 . 2011-10-07 03:12 4960768 ----a-w- c:\windows\system32\atidxx64.dll
    2011-10-07 03:01 . 2011-10-07 03:01 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-10-07 02:54 . 2011-10-07 02:54 5431808 ----a-w- c:\windows\system32\atiumd64.dll
    2011-10-07 02:53 . 2011-10-07 02:53 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-10-07 02:53 . 2011-10-07 02:53 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-10-07 02:52 . 2011-10-07 02:52 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-10-07 02:52 . 2011-10-07 02:52 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-10-07 02:52 . 2011-10-07 02:52 9809920 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-10-07 02:49 . 2011-10-07 02:49 8390656 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-10-07 02:46 . 2011-10-07 02:46 479744 ----a-w- c:\windows\system32\atiadlxx.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-06 14:30 . 2011-10-06 14:30 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
    2011-10-06 14:30 . 2011-10-06 14:30 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2011-10-06 14:30 . 2011-10-06 14:30 16787456 ----a-w- c:\windows\system32\amdocl64.dll
    2011-10-06 14:29 . 2011-10-06 14:29 13753856 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-10-06 14:29 . 2011-10-06 14:29 51200 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-06 14:29 . 2011-10-06 14:29 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-29 641400]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-25 1242448]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-10-25 3171760]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-10-20 28651144]
    "AnVir Task Manager Free"="c:\program files (x86)\AnVir Task Manager Free\AnVir.exe" [2009-09-28 1581280]
    "AntiFreeze"="c:\program files\AntiFreeze\AntiFreeze.exe" [2007-12-16 139776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-06 343168]
    "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    .
    c:\users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-7 3768176]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-06 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-23 55424]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-03-17 05:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 14:32]
    .
    2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 14:32]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF8633.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
    TCP: Interfaces\{A25C20DD-909D-442E-8477-39459A156D11}: NameServer = 210.4.2.61 202.78.97.41
    FF - ProfilePath - c:\users\Jaime\AppData\Roaming\Mozilla\Firefox\Profiles\g4am3xke.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\SysWOW64\IoctlSvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\REALTEK\Wireless LAN Utility\RtWlan.exe
    c:\program files (x86)\REALTEK\Wireless LAN Utility\RTLDHCP.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-06 10:09:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-06 02:09
    .
    Pre-Run: 21,325,860,864 bytes free
    Post-Run: 21,065,019,392 bytes free
    .
    - - End Of File - - 8370B4458A0D6C33FB3813250D84C5F1
  4. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    UPDATE:

    It's still there :(
  5. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Combofix log looks clean.

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Avast.
    One of them has to go.
    I suggest Lavasoft goes.

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    Uninstalled Ad-Aware, and here is the log:


    10:50:16.0823 2120 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
    10:50:17.0527 2120 ============================================================
    10:50:17.0527 2120 Current date / time: 2011/11/06 10:50:17.0527
    10:50:17.0527 2120 SystemInfo:
    10:50:17.0527 2120
    10:50:17.0527 2120 OS Version: 6.1.7601 ServicePack: 1.0
    10:50:17.0527 2120 Product type: Workstation
    10:50:17.0528 2120 ComputerName: JAIME-PC
    10:50:17.0528 2120 UserName: Jaime
    10:50:17.0528 2120 Windows directory: C:\Windows
    10:50:17.0528 2120 System windows directory: C:\Windows
    10:50:17.0528 2120 Running under WOW64
    10:50:17.0528 2120 Processor architecture: Intel x64
    10:50:17.0528 2120 Number of processors: 4
    10:50:17.0528 2120 Page size: 0x1000
    10:50:17.0528 2120 Boot type: Normal boot
    10:50:17.0528 2120 ============================================================
    10:50:18.0709 2120 Initialize success
    10:50:20.0412 3556 ============================================================
    10:50:20.0412 3556 Scan started
    10:50:20.0412 3556 Mode: Manual;
    10:50:20.0412 3556 ============================================================
    10:50:21.0193 3556 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    10:50:21.0193 3556 1394ohci - ok
    10:50:21.0240 3556 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    10:50:21.0240 3556 ACPI - ok
    10:50:21.0255 3556 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    10:50:21.0255 3556 AcpiPmi - ok
    10:50:21.0302 3556 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    10:50:21.0302 3556 adp94xx - ok
    10:50:21.0349 3556 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    10:50:21.0349 3556 adpahci - ok
    10:50:21.0365 3556 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    10:50:21.0365 3556 adpu320 - ok
    10:50:21.0427 3556 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
    10:50:21.0427 3556 AFD - ok
    10:50:21.0474 3556 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    10:50:21.0474 3556 agp440 - ok
    10:50:21.0505 3556 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    10:50:21.0505 3556 aliide - ok
    10:50:21.0584 3556 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    10:50:21.0584 3556 amdide - ok
    10:50:21.0630 3556 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    10:50:21.0630 3556 amdiox64 - ok
    10:50:21.0662 3556 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    10:50:21.0662 3556 AmdK8 - ok
    10:50:21.0849 3556 amdkmdag (43bd304bb9f43973a75b37c6d7c88a83) C:\Windows\system32\DRIVERS\atikmdag.sys
    10:50:21.0896 3556 amdkmdag - ok
    10:50:21.0959 3556 amdkmdap (783f10e1cb8503b556e5a9df0a264031) C:\Windows\system32\DRIVERS\atikmpag.sys
    10:50:21.0959 3556 amdkmdap - ok
    10:50:22.0005 3556 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    10:50:22.0005 3556 AmdPPM - ok
    10:50:22.0037 3556 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    10:50:22.0037 3556 amdsata - ok
    10:50:22.0084 3556 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    10:50:22.0084 3556 amdsbs - ok
    10:50:22.0099 3556 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    10:50:22.0099 3556 amdxata - ok
    10:50:22.0287 3556 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    10:50:22.0287 3556 AODDriver4.01 - ok
    10:50:22.0334 3556 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    10:50:22.0334 3556 AppID - ok
    10:50:22.0380 3556 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    10:50:22.0380 3556 arc - ok
    10:50:22.0396 3556 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    10:50:22.0396 3556 arcsas - ok
    10:50:22.0459 3556 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
    10:50:22.0459 3556 aswFsBlk - ok
    10:50:22.0505 3556 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
    10:50:22.0505 3556 aswMonFlt - ok
    10:50:22.0521 3556 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
    10:50:22.0537 3556 aswRdr - ok
    10:50:22.0552 3556 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
    10:50:22.0552 3556 aswSnx - ok
    10:50:22.0584 3556 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
    10:50:22.0584 3556 aswSP - ok
    10:50:22.0599 3556 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
    10:50:22.0599 3556 aswTdi - ok
    10:50:22.0630 3556 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    10:50:22.0630 3556 AsyncMac - ok
    10:50:22.0677 3556 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    10:50:22.0677 3556 atapi - ok
    10:50:22.0740 3556 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
    10:50:22.0740 3556 AtiHDAudioService - ok
    10:50:22.0818 3556 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    10:50:22.0818 3556 b06bdrv - ok
    10:50:22.0834 3556 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    10:50:22.0834 3556 b57nd60a - ok
    10:50:22.0865 3556 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    10:50:22.0865 3556 Beep - ok
    10:50:22.0927 3556 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    10:50:22.0927 3556 blbdrive - ok
    10:50:22.0943 3556 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    10:50:22.0943 3556 bowser - ok
    10:50:22.0959 3556 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    10:50:22.0959 3556 BrFiltLo - ok
    10:50:22.0974 3556 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    10:50:22.0974 3556 BrFiltUp - ok
    10:50:22.0990 3556 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    10:50:22.0990 3556 Brserid - ok
    10:50:23.0005 3556 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    10:50:23.0005 3556 BrSerWdm - ok
    10:50:23.0052 3556 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    10:50:23.0068 3556 BrUsbMdm - ok
    10:50:23.0146 3556 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    10:50:23.0146 3556 BrUsbSer - ok
    10:50:23.0162 3556 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    10:50:23.0162 3556 BTHMODEM - ok
    10:50:23.0193 3556 catchme - ok
    10:50:23.0224 3556 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    10:50:23.0224 3556 cdfs - ok
    10:50:23.0271 3556 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    10:50:23.0271 3556 cdrom - ok
    10:50:23.0302 3556 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    10:50:23.0302 3556 circlass - ok
    10:50:23.0349 3556 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    10:50:23.0349 3556 CLFS - ok
    10:50:23.0396 3556 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    10:50:23.0396 3556 CmBatt - ok
    10:50:23.0412 3556 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    10:50:23.0412 3556 cmdide - ok
    10:50:23.0427 3556 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    10:50:23.0443 3556 CNG - ok
    10:50:23.0474 3556 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    10:50:23.0474 3556 Compbatt - ok
    10:50:23.0505 3556 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
    10:50:23.0505 3556 CompositeBus - ok
    10:50:23.0568 3556 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
    10:50:23.0568 3556 cpuz135 - ok
    10:50:23.0584 3556 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    10:50:23.0584 3556 crcdisk - ok
    10:50:23.0646 3556 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    10:50:23.0662 3556 CSC - ok
    10:50:23.0709 3556 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    10:50:23.0709 3556 DfsC - ok
    10:50:23.0724 3556 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    10:50:23.0724 3556 discache - ok
    10:50:23.0755 3556 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    10:50:23.0755 3556 Disk - ok
    10:50:23.0787 3556 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
    10:50:23.0787 3556 dmvsc - ok
    10:50:23.0849 3556 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    10:50:23.0849 3556 drmkaud - ok
    10:50:23.0880 3556 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    10:50:23.0880 3556 DXGKrnl - ok
    10:50:23.0959 3556 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    10:50:23.0974 3556 ebdrv - ok
    10:50:24.0005 3556 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    10:50:24.0005 3556 elxstor - ok
    10:50:24.0021 3556 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    10:50:24.0021 3556 ErrDev - ok
    10:50:24.0052 3556 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    10:50:30.0130 3556 ============================================================
    10:50:30.0130 3556 Scan finished
    10:50:30.0130 3556 ============================================================
    10:50:30.0146 4708 Detected object count: 0
    10:50:30.0146 4708 Actual detected object count: 0
  7. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    TDSS didn't detect any suspicious files but it's still there
  8. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    -posted a new one
  10. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    -pasted the new one
  11. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    -posted the new one-
  12. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    THE LATEST ONE


    OTL Extras logfile created on: 11/6/2011 11:32:37 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jaime\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.27% Memory free
    8.00 Gb Paging File | 6.03 Gb Available in Paging File | 75.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 19.98 Gb Free Space | 13.40% Space Free | Partition Type: NTFS
    Drive D: | 149.04 Gb Total Space | 8.45 Gb Free Space | 5.67% Space Free | Partition Type: NTFS
    Drive E: | 3.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JAIME-PC | User Name: Jaime | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{36EAEAF0-CDC5-F32F-01D2-C7D01EF96472}" = AMD AVIVO64 Codecs
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{7FA24ACE-BF20-5570-F94A-3AE540223771}" = AMD Catalyst Install Manager
    "{B305CEFC-93A1-EF99-BFEF-CF7985E88D03}" = ccc-utility64
    "{D0D59644-6282-D7C8-0EE3-4DDD7245C84C}" = AMD Media Foundation Decoders
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DDB6F0B2-7EF7-8FD3-0B37-9C42DC9E1C74}" = AMD Drag and Drop Transcoding
    "{F5C71398-0779-7AF2-4C7A-B7E1E0A622A2}" = AMD Fuel
    "AntiFreeze_is1" = AntiFreeze 1.01
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0DF70CB6-553A-4C57-8E6D-876322ECFB78}" = REALTEK Wireless LAN Driver and Utility
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22764EFF-300F-8F3D-564D-7A4C4662D120}" = CCC Help Polish
    "{2894AAC3-9A08-FF3A-6737-41A6178D0A09}" = CCC Help Chinese Standard
    "{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
    "{3536AD21-940C-D198-DD10-078011A5C13B}" = CCC Help Thai
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{49D87A8F-D04F-7749-DD32-BDBF9B24B232}" = CCC Help Finnish
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{660C748F-A503-B771-7BD6-2D7C5AA1DBB4}" = CCC Help Dutch
    "{6E03FAB5-6253-58B8-B939-AA83F64C3278}" = CCC Help Swedish
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{7A75AFE3-A0C3-951D-4804-54721360FF90}" = CCC Help Hungarian
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1033}" = Nero 8 Essentials
    "{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F218882-4CF1-F411-111A-B9B68770C0CE}" = CCC Help Czech
    "{A1EF8DA8-E0CB-C805-4ACA-B7C028CF36F2}" = CCC Help Italian
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F27D99-8478-C124-8978-09595FA9D805}" = CCC Help Portuguese
    "{AAB0D88E-85D7-22CC-6935-0D2247152700}" = CCC Help French
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{C104E9E6-F21E-2762-FBF0-6FE820B2D739}" = CCC Help Korean
    "{C5632631-95E3-4DAF-2EB1-487EBE04DE19}" = AMD VISION Engine Control Center
    "{C95E964C-FCF4-13DB-1445-4FA8062271F8}" = CCC Help Spanish
    "{D7A8C334-7974-54A4-6533-EB84D19D7133}" = CCC Help English
    "{D89F00EB-7868-A817-D618-AA446C0D56B3}" = CCC Help Chinese Traditional
    "{D9AB20FE-5267-7A1A-2064-8F18969DF88D}" = CCC Help German
    "{DA45F8EC-4226-EA6A-4DA9-F1148F801BDA}" = CCC Help Russian
    "{DA7747E1-1F8D-BBC5-BE66-00B21BE5B81B}" = CCC Help Turkish
    "{DADEC9BB-66FC-A3E4-8BC9-83E73BA1B5B2}" = CCC Help Greek
    "{DD0FDF02-6AA4-8C7D-AAB0-4C8C7207C0C1}" = CCC Help Japanese
    "{E0D5CB1C-7D35-709E-7F58-6CF6FFC3D6B7}" = Catalyst Control Center Graphics Previews Common
    "{EB20F561-2AF5-0368-E353-AF093FBBADC2}" = CCC Help Norwegian
    "{ECDE16E7-E3FC-F094-F14D-0326D03B9D96}" = Catalyst Control Center InstallProxy
    "{F38AF6F6-059C-C683-826F-00539526D86D}" = CCC Help Danish
    "{FCD58710-F023-E26C-6373-79C72FED0B90}" = Catalyst Control Center Localization All
    "ACDSee Trial Version" = ACDSee Trial Version
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AnVir Task Manager Free" = AnVir Task Manager Free
    "avast" = avast! Free Antivirus
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "ESN Sonar-0.70.4" = ESN Sonar
    "Google Chrome" = Google Chrome
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "Internet Download Manager" = Internet Download Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
    "ObjectDock Free" = ObjectDock Free
    "Origin" = Origin
    "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 24200" = DC Universe Online
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/5/2011 6:22:26 AM | Computer Name = Jaime-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "D:\OCT 25 BACKUP\My Documents\Downloads\Programs\SoftonicDownloader_for_hjsplit.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 11/5/2011 6:25:05 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/5/2011 6:30:38 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/5/2011 7:03:49 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/5/2011 6:38:35 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/5/2011 7:57:48 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/5/2011 9:39:49 PM | Computer Name = Jaime-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4ea790c9 Exception code: 0xc0000005 Fault offset: 0x6c9cf1e9 Faulting
    process id: 0x1494 Faulting application start time: 0x01cc9c218ffc6eea Faulting application
    path: c:\program files (x86)\steam\steamapps\jadariin2\team fortress 2\hl2.exe Faulting
    module path: filesystem_steam.dll Report Id: 36b45df7-0818-11e1-9fe7-002522183aa8

    Error - 11/5/2011 10:04:49 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/5/2011 10:22:36 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/5/2011 11:21:57 PM | Computer Name = Jaime-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Origin.exe, version: 8.3.1.9, time stamp:
    0x4ea09629 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
    0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting process id:
    0xb90 Faulting application start time: 0x01cc9c2af3a82306 Faulting application path:
    C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 7b4eb06b-0826-11e1-9767-002522183aa8

    [ System Events ]
    Error - 11/5/2011 10:22:52 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001
    Description =

    Error - 11/5/2011 10:23:30 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 11/5/2011 10:23:35 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 30013
    Description =

    Error - 11/5/2011 10:23:47 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 30013
    Description =

    Error - 11/5/2011 10:26:46 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001
    Description =

    Error - 11/5/2011 11:20:40 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 11/5/2011 11:21:11 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001
    Description =

    Error - 11/5/2011 11:21:41 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 11/5/2011 11:23:34 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001
    Description =

    Error - 11/5/2011 11:25:48 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001
    Description =


    < End of report >
  13. jadariin


    OTL logfile created on: 11/6/2011 11:55:56 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jaime\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.42% Memory free
    8.00 Gb Paging File | 5.77 Gb Available in Paging File | 72.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 19.08 Gb Free Space | 12.80% Space Free | Partition Type: NTFS
    Drive D: | 149.04 Gb Total Space | 8.45 Gb Free Space | 5.67% Space Free | Partition Type: NTFS
    Drive E: | 3.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JAIME-PC | User Name: Jaime | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/06 11:29:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jaime\Downloads\OTL.exe
    PRC - [2011/11/05 15:44:32 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2011/11/03 22:08:56 | 001,149,288 | ---- | M] (ESN Social Software AB) -- C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
    PRC - [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2011/10/26 09:37:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/10/25 21:58:44 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2011/10/25 21:28:10 | 003,171,760 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    PRC - [2011/09/07 04:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/09/07 04:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/01/13 18:26:26 | 001,196,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtWLan.exe
    PRC - [2010/10/07 04:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    PRC - [2010/09/06 19:42:10 | 000,221,184 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RTLDHCP.exe
    PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtlService.exe
    PRC - [2009/10/15 17:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    PRC - [2009/09/29 01:37:54 | 001,581,280 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/05 15:44:31 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2011/11/05 15:44:26 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
    MOD - [2011/11/05 15:44:26 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2011/11/05 15:44:26 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
    MOD - [2011/11/05 15:44:26 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
    MOD - [2011/10/26 16:10:46 | 000,420,920 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
    MOD - [2011/10/26 16:10:45 | 003,702,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
    MOD - [2011/10/26 16:09:09 | 000,122,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\avutil-51.dll
    MOD - [2011/10/26 16:09:07 | 000,222,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\avformat-53.dll
    MOD - [2011/10/26 16:09:06 | 001,745,992 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
    MOD - [2011/10/26 13:14:43 | 008,587,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
    MOD - [2011/02/19 13:47:14 | 000,129,192 | ---- | M] () -- C:\Program Files (x86)\Mumble\mumble_ol.dll
    MOD - [2010/10/05 01:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll
    MOD - [2010/10/05 01:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll
    MOD - [2010/10/05 01:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll
    MOD - [2010/10/05 01:54:22 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\Docklets\Clock\Clock.dll
    MOD - [2009/03/17 11:09:56 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/03/17 11:09:56 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/03/17 11:09:42 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/10/07 11:28:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/10/06 23:27:18 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/09/07 04:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/04/19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
    SRV:64bit: - [2009/04/19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2011/11/05 15:44:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/10/26 09:37:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
    SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/10/07 13:21:40 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/10/07 10:46:02 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/09/07 04:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/09/07 04:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/09/07 04:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/09/07 04:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/09/07 04:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/09/07 04:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
    DRV:64bit: - [2011/06/07 06:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/11/21 11:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/01/07 11:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
    DRV:64bit: - [2009/09/17 19:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 08:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/06/11 04:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/30 13:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-605152205-987019497-2644730799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ph
    IE - HKU\S-1-5-21-605152205-987019497-2644730799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 4B 14 89 19 93 CC 01 [binary data]
    IE - HKU\S-1-5-21-605152205-987019497-2644730799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/26 06:20:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/25 21:27:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/25 21:27:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Jaime\AppData\Roaming\IDM\idmmzcc3 [2011/11/06 10:22:47 | 000,000,000 | ---D | M]

    [2011/10/25 21:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jaime\AppData\Roaming\Mozilla\Extensions
    [2011/10/25 21:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jaime\AppData\Roaming\Mozilla\Firefox\Profiles\g4am3xke.default\extensions
    [2011/10/25 21:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/26 06:20:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/11/06 10:22:47 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\JAIME\APPDATA\ROAMING\IDM\IDMMZCC3

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: avast! WebRep = C:\Users\Jaime\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
    CHR - Extension: Coderah Battlelog Mods = C:\Users\Jaime\AppData\Local\Google\Chrome\User Data\Default\Extensions\joebeijolffnafcbmphbeoingofelicj\2.2_0\

    O1 HOSTS File: ([2011/11/06 10:05:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-605152205-987019497-2644730799-1000..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe (Resplendence Software Projects Sp.)
    O4 - HKU\S-1-5-21-605152205-987019497-2644730799-1000..\Run: [AnVir Task Manager Free] C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe (AnVir Software)
    O4 - HKU\S-1-5-21-605152205-987019497-2644730799-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    O4 - HKU\S-1-5-21-605152205-987019497-2644730799-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKU\S-1-5-21-605152205-987019497-2644730799-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-605152205-987019497-2644730799-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-605152205-987019497-2644730799-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-605152205-987019497-2644730799-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A25C20DD-909D-442E-8477-39459A156D11}: NameServer = 210.4.2.61 202.78.97.41
    O18:64bit: - Protocol\Handler\cdo - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/21 10:17:02 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/06 10:46:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2011/11/06 10:09:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/06 10:05:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/06 09:56:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/06 09:56:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/06 09:56:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/06 09:56:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/06 09:55:44 | 004,284,686 | R--- | C] (Swearware) -- C:\Users\Jaime\Desktop\ComboFix.exe
    [2011/11/06 09:54:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/06 09:45:13 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\Steps anti virus_files
    [2011/11/06 07:31:57 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\SHOW THESE
    [2011/11/05 20:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/11/05 20:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/11/05 20:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/11/05 19:07:51 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\topic58138_files
    [2011/11/05 18:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2011/11/05 18:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2011/11/05 18:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2011/11/05 18:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2011/11/05 18:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2011/11/05 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2011/11/05 17:09:43 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Malwarebytes
    [2011/11/05 17:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/05 17:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/05 17:07:11 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/11/05 17:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/11/05 16:29:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/11/05 16:09:11 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Virus Remover
    [2011/11/05 16:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Virus Remover
    [2011/11/05 08:50:57 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/11/05 08:26:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2011/11/05 08:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/11/04 23:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ragnarok Online
    [2011/11/04 07:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2011/11/03 00:11:51 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2011/10/31 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\PCSX2
    [2011/10/31 14:55:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2011/10/31 14:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
    [2011/10/31 14:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSX2 0.9.8
    [2011/10/30 07:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2011/10/30 07:18:17 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\uTorrent
    [2011/10/30 07:18:17 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\uTorrent
    [2011/10/28 18:32:29 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\ESN Sonar
    [2011/10/28 06:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiFreeze
    [2011/10/28 06:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\AntiFreeze
    [2011/10/28 05:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnVir Task Manager Free
    [2011/10/28 05:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnVir Task Manager Free
    [2011/10/28 05:52:52 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\AnVir
    [2011/10/27 21:53:26 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\ODUI
    [2011/10/27 21:53:16 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Stardock
    [2011/10/27 21:53:13 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\Stardock
    [2011/10/27 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\Stardock
    [2011/10/27 21:53:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
    [2011/10/27 21:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
    [2011/10/27 21:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
    [2011/10/27 21:52:55 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\PackageAware
    [2011/10/27 12:48:54 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Mumble
    [2011/10/27 12:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
    [2011/10/27 12:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
    [2011/10/27 11:23:23 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
    [2011/10/27 11:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    [2011/10/27 11:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2011/10/26 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\SKIDROW
    [2011/10/26 21:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
    [2011/10/26 20:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black_Box
    [2011/10/26 19:01:51 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\Wizards of the Coast
    [2011/10/26 12:38:10 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\vlc
    [2011/10/26 12:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    [2011/10/26 12:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
    [2011/10/26 12:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
    [2011/10/26 12:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2011/10/26 12:26:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
    [2011/10/26 12:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
    [2011/10/26 12:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
    [2011/10/26 12:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2011/10/26 12:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2011/10/26 12:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2011/10/26 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011/10/26 12:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2011/10/26 11:51:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2011/10/26 11:06:44 | 000,000,000 | ---D | C] -- C:\Windows.old
    [2011/10/26 10:57:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2011/10/26 10:54:15 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2011/10/26 08:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
    [2011/10/26 08:02:22 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\PunkBuster
    [2011/10/26 08:02:17 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\Battlefield 3
    [2011/10/26 08:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
    [2011/10/26 08:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK Wireless LAN Utility
    [2011/10/26 08:00:10 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe
    [2011/10/26 08:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REALTEK
    [2011/10/26 07:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
    [2011/10/26 07:10:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
    [2011/10/26 06:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Origin
    [2011/10/26 06:26:10 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\Origin
    [2011/10/26 06:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    [2011/10/26 06:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
    [2011/10/26 06:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
    [2011/10/26 06:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
    [2011/10/26 06:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
    [2011/10/26 06:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/10/26 06:21:01 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/10/26 06:21:01 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/10/26 06:20:59 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/10/26 06:20:59 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/10/26 06:20:59 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/10/26 06:20:59 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/10/26 06:20:54 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/10/26 06:20:54 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/10/25 22:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/10/25 22:35:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2011/10/25 22:20:32 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\WinRAR
    [2011/10/25 22:00:23 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\Google
    [2011/10/25 22:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2011/10/25 22:00:07 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/10/25 21:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/10/25 21:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/10/25 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2011/10/25 21:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2011/10/25 21:56:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2011/10/25 21:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/10/25 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/10/25 21:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2011/10/25 21:45:56 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Macromedia
    [2011/10/25 21:45:56 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Adobe
    [2011/10/25 21:29:39 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACD Systems
    [2011/10/25 21:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
    [2011/10/25 21:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems
    [2011/10/25 21:27:42 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\IDM
    [2011/10/25 21:27:42 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\Downloads
    [2011/10/25 21:27:42 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\DMCache
    [2011/10/25 21:27:40 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2011/10/25 21:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2011/10/25 21:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
    [2011/10/25 21:27:07 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Mozilla
    [2011/10/25 21:27:07 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\Mozilla
    [2011/10/25 21:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
    [2011/10/25 21:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2011/10/25 21:22:25 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
    [2011/10/25 21:22:25 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
    [2011/10/25 21:22:25 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
    [2011/10/25 21:22:25 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
    [2011/10/25 21:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
    [2011/10/25 21:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2011/10/25 21:21:04 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\AMD
    [2011/10/25 21:20:24 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\ATI
    [2011/10/25 21:20:24 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\ATI
    [2011/10/25 21:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
    [2011/10/25 20:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2011/10/25 20:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2011/10/25 20:52:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2011/10/25 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2011/10/25 20:51:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2011/10/25 20:48:04 | 000,000,000 | R--D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/10/25 20:48:04 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Searches
    [2011/10/25 20:48:04 | 000,000,000 | R--D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/10/25 20:48:03 | 000,000,000 | -H-D | C] -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/10/25 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Identities
    [2011/10/25 20:47:31 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Contacts
    [2011/10/25 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\VirtualStore
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\AppData\Local\Temporary Internet Files
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Templates
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Start Menu
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\SendTo
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Recent
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\PrintHood
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\NetHood
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Documents\My Videos
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Documents\My Pictures
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Documents\My Music
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\My Documents
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Local Settings
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\AppData\Local\History
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Cookies
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\Application Data
    [2011/10/25 20:44:23 | 000,000,000 | -HSD | C] -- C:\Users\Jaime\AppData\Local\Application Data
    [2011/10/25 20:44:22 | 000,000,000 | --SD | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Videos
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Saved Games
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Pictures
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Music
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Links
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Favorites
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Downloads
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Documents
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\Desktop
    [2011/10/25 20:44:22 | 000,000,000 | R--D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/10/25 20:44:22 | 000,000,000 | -H-D | C] -- C:\Users\Jaime\AppData
    [2011/10/25 20:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\Temp
    [2011/10/25 20:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\Microsoft
    [2011/10/25 20:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Media Center Programs
    [2011/10/25 20:43:13 | 000,000,000 | ---D | C] -- C:\Recovery
    [2011/10/25 19:04:23 | 000,000,000 | ---D | C] -- C:\Boot
    [2011/10/25 18:09:49 | 000,000,000 | ---D | C] -- C:\Users\Jaime\Documents\Ding
    [2011/10/22 08:18:52 | 000,000,000 | ---D | C] -- C:\AMD
    [2011/10/19 10:33:15 | 000,000,000 | ---D | C] -- C:\ATI
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  14. jadariin

    ========== Files - Modified Within 30 Days ==========

    [2011/11/06 11:52:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/06 11:16:13 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2011/11/06 11:16:13 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/11/06 11:14:18 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2011/11/06 10:29:52 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/06 10:29:52 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/06 10:28:35 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/06 10:28:35 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/06 10:28:35 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/06 10:23:47 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2011/11/06 10:22:34 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/06 10:22:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/06 10:22:23 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/06 10:05:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/06 09:55:45 | 004,284,686 | R--- | M] (Swearware) -- C:\Users\Jaime\Desktop\ComboFix.exe
    [2011/11/06 09:45:15 | 000,094,660 | ---- | M] () -- C:\Users\Jaime\Documents\Steps anti virus.htm
    [2011/11/05 20:08:17 | 000,001,282 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/11/05 20:08:17 | 000,001,258 | ---- | M] () -- C:\Users\Jaime\Desktop\Spybot - Search & Destroy.lnk
    [2011/11/05 19:38:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2011/11/05 19:38:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2011/11/05 19:08:16 | 000,092,338 | ---- | M] () -- C:\Users\Jaime\Documents\topic58138.html
    [2011/11/05 17:07:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/05 08:50:56 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/11/03 08:58:03 | 000,000,221 | ---- | M] () -- C:\Users\Jaime\Desktop\DC Universe Online.url
    [2011/11/03 01:29:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/10/30 07:18:41 | 000,000,967 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2011/10/28 05:53:00 | 000,001,023 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\AnVir Task Manager Free.lnk
    [2011/10/27 21:53:13 | 000,002,084 | ---- | M] () -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    [2011/10/27 12:51:54 | 000,002,377 | ---- | M] () -- C:\Users\Jaime\Documents\MumbleAutomaticCertificateBackup.p12
    [2011/10/26 12:46:31 | 000,284,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/10/26 12:31:49 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
    [2011/10/26 12:31:26 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2011/10/26 11:50:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/10/26 11:50:46 | 000,000,368 | RHS- | M] () -- C:\Boot.ini.saved
    [2011/10/26 11:02:03 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2011/10/26 11:02:03 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2011/10/26 09:37:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/10/26 06:20:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/10/25 22:40:22 | 000,002,239 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/10/25 22:22:48 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
    [2011/10/25 21:27:04 | 000,001,963 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/10/25 21:25:12 | 000,001,437 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/25 21:18:39 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2011/10/25 20:44:07 | 000,000,020 | RHS- | M] () -- C:\win7.ld
    [2011/10/25 20:44:06 | 000,412,497 | RHS- | M] () -- C:\OQZCY
    [2011/10/19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/06 09:56:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/06 09:56:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/06 09:56:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/06 09:56:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/06 09:56:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/06 09:45:13 | 000,094,660 | ---- | C] () -- C:\Users\Jaime\Documents\Steps anti virus.htm
    [2011/11/06 07:56:42 | 000,002,084 | ---- | C] () -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    [2011/11/06 07:56:42 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2011/11/05 20:08:17 | 000,001,282 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/11/05 20:08:17 | 000,001,258 | ---- | C] () -- C:\Users\Jaime\Desktop\Spybot - Search & Destroy.lnk
    [2011/11/05 19:27:23 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2011/11/05 19:27:23 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
    [2011/11/05 19:08:16 | 000,092,338 | ---- | C] () -- C:\Users\Jaime\Documents\topic58138.html
    [2011/11/05 17:07:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/03 08:58:03 | 000,000,221 | ---- | C] () -- C:\Users\Jaime\Desktop\DC Universe Online.url
    [2011/11/03 01:29:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/10/30 07:18:41 | 000,000,967 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2011/10/28 05:53:00 | 000,001,023 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\AnVir Task Manager Free.lnk
    [2011/10/27 12:51:54 | 000,002,377 | ---- | C] () -- C:\Users\Jaime\Documents\MumbleAutomaticCertificateBackup.p12
    [2011/10/26 12:31:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/10/26 12:31:26 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
    [2011/10/26 12:31:26 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
    [2011/10/26 12:31:26 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
    [2011/10/26 12:31:26 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
    [2011/10/26 12:31:26 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
    [2011/10/26 12:31:26 | 000,002,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
    [2011/10/26 11:00:54 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2011/10/26 10:59:58 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2011/10/26 10:52:14 | 3220,676,608 | -HS- | C] () -- C:\hiberfil.sys
    [2011/10/26 08:02:26 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2011/10/26 08:00:09 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/10/26 07:10:34 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/10/26 07:10:34 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2011/10/26 07:10:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/10/25 22:40:22 | 000,002,239 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/10/25 22:32:31 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/25 22:32:27 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/25 22:00:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/10/25 21:27:04 | 000,001,963 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/10/25 21:25:12 | 000,001,437 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/25 21:22:55 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
    [2011/10/25 21:22:55 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
    [2011/10/25 21:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/10/25 20:50:32 | 000,702,976 | R--- | C] () -- C:\Windows\SysNative\cohelper.dll
    [2011/10/25 20:50:32 | 000,005,940 | R--- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
    [2011/10/25 20:48:24 | 000,001,409 | ---- | C] () -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/10/25 20:48:12 | 000,001,443 | ---- | C] () -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/10/25 20:44:23 | 000,000,290 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/10/25 20:44:23 | 000,000,272 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/10/25 20:44:07 | 000,000,020 | RHS- | C] () -- C:\win7.ld
    [2011/10/25 20:44:06 | 000,412,497 | RHS- | C] () -- C:\OQZCY
    [2011/10/25 19:04:28 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
    [2011/10/25 19:04:23 | 000,383,786 | RHS- | C] () -- C:\bootmgr
    [2011/10/19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/10/06 22:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
    [2011/03/18 01:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/11/06 10:22:38 | 000,000,000 | ---D | M] -- C:\Users\Jaime\AppData\Roaming\DMCache
    [2011/11/06 10:22:47 | 000,000,000 | ---D | M] -- C:\Users\Jaime\AppData\Roaming\IDM
    [2011/11/06 11:32:04 | 000,000,000 | ---D | M] -- C:\Users\Jaime\AppData\Roaming\Mumble
    [2011/10/26 06:40:54 | 000,000,000 | ---D | M] -- C:\Users\Jaime\AppData\Roaming\Origin
    [2011/10/27 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Jaime\AppData\Roaming\Stardock
    [2011/11/06 11:32:17 | 000,000,000 | ---D | M] -- C:\Users\Jaime\AppData\Roaming\uTorrent
    [2009/07/14 13:08:49 | 000,013,432 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < OTL Extras logfile created on: 11/6/2011 11:32:37 AM - Run 1 >
    Invalid Switch: 2011 11:32:37 AM - Run 1


    < OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jaime\Downloads >

    < 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation >

    < Internet Explorer (Version = 8.0.7601.17514) >

    < Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy >
    Invalid Switch: yyyy


    < >

    < 4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.27% Memory free >

    < 8.00 Gb Paging File | 6.03 Gb Available in Paging File | 75.44% Paging File free >

    < Paging file location(s): ?:\pagefile.sys [binary data] >

    < >

    < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) >

    < Drive C: | 149.04 Gb Total Space | 19.98 Gb Free Space | 13.40% Space Free | Partition Type: NTFS >

    < Drive D: | 149.04 Gb Total Space | 8.45 Gb Free Space | 5.67% Space Free | Partition Type: NTFS >

    < Drive E: | 3.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF >

    < >

    < Computer Name: JAIME-PC | User Name: Jaime | Logged in as Administrator. >

    < Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans >

    < Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days >

    < >

    < ========== Extra Registry (SafeList) ========== >
    Invalid Switch: color]


    < >

    < >

    < ========== File Associations ========== >
    Invalid Switch: color]


    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]


    < .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) >

    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >

    < .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) >

    < >

    < [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] >

    < .html [@ = ChromeHTML] -- Reg Error: Key error. File not found >

    < >

    < ========== Shell Spawning ========== >
    Invalid Switch: color]


    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]


    < batfile [open] -- "%1" %* >

    < cmdfile [open] -- "%1" %* >

    < comfile [open] -- "%1" %* >

    < exefile [open] -- "%1" %* >

    < helpfile [open] -- Reg Error: Key error. >

    < htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) >

    < inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) >

    < InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) >

    < InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) >

    < piffile [open] -- "%1" %* >

    < regfile [merge] -- Reg Error: Key error. >

    < scrfile [config] -- "%1" >

    < scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >

    < scrfile [open] -- "%1" /S >

    < txtfile [edit] -- Reg Error: Key error. >

    < Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >

    < Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () >

    < Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >

    < Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >

    < Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () >

    < Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >

    < Folder [explore] -- Reg Error: Value error. >

    < Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >

    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >

    < batfile [open] -- "%1" %* >

    < cmdfile [open] -- "%1" %* >

    < comfile [open] -- "%1" %* >

    < cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) >

    < exefile [open] -- "%1" %* >

    < helpfile [open] -- Reg Error: Key error. >

    < piffile [open] -- "%1" %* >

    < regfile [merge] -- Reg Error: Key error. >

    < scrfile [config] -- "%1" >

    < scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >

    < scrfile [open] -- "%1" /S >

    < txtfile [edit] -- Reg Error: Key error. >

    < Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >

    < Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () >

    < Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >

    < Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >

    < Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () >

    < Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >

    < Folder [explore] -- Reg Error: Value error. >

    < Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >

    < >

    < ========== Security Center Settings ========== >
    Invalid Switch: color]


    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]


    < "cval" = 1 >

    < "FirewallDisableNotify" = 0 >

    < "AntiVirusDisableNotify" = 0 >

    < "UpdatesDisableNotify" = 0 >

    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]


    < "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] >

    < "AntiVirusOverride" = 0 >

    < "AntiSpywareOverride" = 0 >

    < "FirewallOverride" = 0 >

    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]


    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >

    < "FirewallDisableNotify" = 0 >

    < "AntiVirusDisableNotify" = 0 >

    < "UpdatesDisableNotify" = 0 >

    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >

    < >

    < ========== System Restore Settings ========== >
    Invalid Switch: color]


    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] >

    < "DisableSR" = 0 >

    < >

    < ========== Firewall Settings ========== >
    Invalid Switch: color]


    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
  15. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]


    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] >
    Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] >

    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] >

    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] >

    < >

    < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] >

    < "EnableFirewall" = 1 >

    < "DisableNotifications" = 0 >

    < >

    < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] >

    < "EnableFirewall" = 1 >

    < "DisableNotifications" = 0 >

    < >

    < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] >

    < >

    < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] >

    < "EnableFirewall" = 1 >

    < "DisableNotifications" = 0 >

    < >

    < ========== Authorized Applications List ========== >
    Invalid Switch: color]


    < >

    < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] >

    < >

    < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] >

    < >

    < >

    < ========== HKEY_LOCAL_MACHINE Uninstall List ========== >
    Invalid Switch: color]


    < >

    < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >

    < "{36EAEAF0-CDC5-F32F-01D2-C7D01EF96472}" = AMD AVIVO64 Codecs >

    < "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime >

    < "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager >

    < "{7FA24ACE-BF20-5570-F94A-3AE540223771}" = AMD Catalyst Install Manager >

    < "{B305CEFC-93A1-EF99-BFEF-CF7985E88D03}" = ccc-utility64 >

    < "{D0D59644-6282-D7C8-0EE3-4DDD7245C84C}" = AMD Media Foundation Decoders >

    < "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 >

    < "{DDB6F0B2-7EF7-8FD3-0B37-9C42DC9E1C74}" = AMD Drag and Drop Transcoding >

    < "{F5C71398-0779-7AF2-4C7A-B7E1E0A622A2}" = AMD Fuel >

    < "AntiFreeze_is1" = AntiFreeze 1.01 >

    < "CPUID HWMonitor_is1" = CPUID HWMonitor 1.18 >

    < "NVIDIA Drivers" = NVIDIA Drivers >

    < >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >

    < "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam >

    < "{0DF70CB6-553A-4C57-8E6D-876322ECFB78}" = REALTEK Wireless LAN Driver and Utility >

    < "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 >

    < "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding >

    < "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 >

    < "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform >

    < "{22764EFF-300F-8F3D-564D-7A4C4662D120}" = CCC Help Polish >

    < "{2894AAC3-9A08-FF3A-6737-41A6178D0A09}" = CCC Help Chinese Standard >

    < "{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free >

    < "{3536AD21-940C-D198-DD10-078011A5C13B}" = CCC Help Thai >

    < "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup >

    < "{49D87A8F-D04F-7749-DD32-BDBF9B24B232}" = CCC Help Finnish >

    < "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml >

    < "{660C748F-A503-B771-7BD6-2D7C5AA1DBB4}" = CCC Help Dutch >

    < "{6E03FAB5-6253-58B8-B939-AA83F64C3278}" = CCC Help Swedish >

    < "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ >

    < "{7A75AFE3-A0C3-951D-4804-54721360FF90}" = CCC Help Hungarian >

    < "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software >

    < "{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1033}" = Nero 8 Essentials >

    < "{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision >

    < "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage >

    < "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 >

    < "{9F218882-4CF1-F411-111A-B9B68770C0CE}" = CCC Help Czech >

    < "{A1EF8DA8-E0CB-C805-4ACA-B7C028CF36F2}" = CCC Help Italian >

    < "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper >

    < "{A9F27D99-8478-C124-8978-09595FA9D805}" = CCC Help Portuguese >

    < "{AAB0D88E-85D7-22CC-6935-0D2247152700}" = CCC Help French >

    < "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy >

    < "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 >

    < "{C104E9E6-F21E-2762-FBF0-6FE820B2D739}" = CCC Help Korean >

    < "{C5632631-95E3-4DAF-2EB1-487EBE04DE19}" = AMD VISION Engine Control Center >

    < "{C95E964C-FCF4-13DB-1445-4FA8062271F8}" = CCC Help Spanish >

    < "{D7A8C334-7974-54A4-6533-EB84D19D7133}" = CCC Help English >

    < "{D89F00EB-7868-A817-D618-AA446C0D56B3}" = CCC Help Chinese Traditional >

    < "{D9AB20FE-5267-7A1A-2064-8F18969DF88D}" = CCC Help German >

    < "{DA45F8EC-4226-EA6A-4DA9-F1148F801BDA}" = CCC Help Russian >

    < "{DA7747E1-1F8D-BBC5-BE66-00B21BE5B81B}" = CCC Help Turkish >

    < "{DADEC9BB-66FC-A3E4-8BC9-83E73BA1B5B2}" = CCC Help Greek >

    < "{DD0FDF02-6AA4-8C7D-AAB0-4C8C7207C0C1}" = CCC Help Japanese >

    < "{E0D5CB1C-7D35-709E-7F58-6CF6FFC3D6B7}" = Catalyst Control Center Graphics Previews Common >

    < "{EB20F561-2AF5-0368-E353-AF093FBBADC2}" = CCC Help Norwegian >

    < "{ECDE16E7-E3FC-F094-F14D-0326D03B9D96}" = Catalyst Control Center InstallProxy >

    < "{F38AF6F6-059C-C683-826F-00539526D86D}" = CCC Help Danish >

    < "{FCD58710-F023-E26C-6373-79C72FED0B90}" = Catalyst Control Center Localization All >

    < "ACDSee Trial Version" = ACDSee Trial Version >

    < "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin >

    < "AnVir Task Manager Free" = AnVir Task Manager Free >

    < "avast" = avast! Free Antivirus >

    < "Battlelog Web Plugins" = Battlelog Web Plugins >

    < "ESN Sonar-0.70.4" = ESN Sonar >

    < "Google Chrome" = Google Chrome >

    < "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager >

    < "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager >

    < "Internet Download Manager" = Internet Download Manager >

    < "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 >

    < "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) >

    < "ObjectDock Free" = ObjectDock Free >

    < "Origin" = Origin >

    < "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator >

    < "PunkBusterSvc" = PunkBuster Services >

    < "Steam App 24200" = DC Universe Online >

    < "uTorrent" = µTorrent >

    < "VLC media player" = VLC media player 1.1.11 >

    < "WinRAR archiver" = WinRAR archiver >

    < >

    < ========== Last 10 Event Log Errors ========== >
    Invalid Switch: color]


    < >

    < [ Application Events ] >

    < Error - 11/5/2011 6:22:26 AM | Computer Name = Jaime-PC | Source = SideBySide | ID = 16842832 >
    Invalid Switch: 2011 6:22:26 AM | Computer Name = Jaime-PC | Source = SideBySide | ID = 16842832


    < Description = Activation context generation failed for "D:\OCT 25 BACKUP\My Documents\Downloads\Programs\SoftonicDownloader_for_hjsplit.exe".Error >

    < in manifest or policy file "" on line . A component version required by the application >

    < conflicts with another component version already active. Conflicting components >

    < are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. >

    < Component >

    < 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. >

    < >

    < Error - 11/5/2011 6:25:05 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10 >
    Invalid Switch: 2011 6:25:05 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10


    < Description = >

    < >

    < Error - 11/5/2011 6:30:38 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10 >
    Invalid Switch: 2011 6:30:38 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10


    < Description = >

    < >

    < Error - 11/5/2011 7:03:49 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10 >
    Invalid Switch: 2011 7:03:49 AM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10


    < Description = >

    < >

    < Error - 11/5/2011 6:38:35 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10 >
    Invalid Switch: 2011 6:38:35 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10


    < Description = >

    < >

    < Error - 11/5/2011 7:57:48 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10 >
    Invalid Switch: 2011 7:57:48 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10


    < Description = >

    < >

    < Error - 11/5/2011 9:39:49 PM | Computer Name = Jaime-PC | Source = Application Error | ID = 1000 >
    Invalid Switch: 2011 9:39:49 PM | Computer Name = Jaime-PC | Source = Application Error | ID = 1000


    < Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: >

    < 0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, >

    < time stamp: 0x4ea790c9 Exception code: 0xc0000005 Fault offset: 0x6c9cf1e9 Faulting >

    < process id: 0x1494 Faulting application start time: 0x01cc9c218ffc6eea Faulting application >

    < path: c:\program files (x86)\steam\steamapps\jadariin2\team fortress 2\hl2.exe Faulting >

    < module path: filesystem_steam.dll Report Id: 36b45df7-0818-11e1-9fe7-002522183aa8 >

    < >

    < Error - 11/5/2011 10:04:49 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10 >
    Invalid Switch: 2011 10:04:49 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10


    < Description = >

    < >

    < Error - 11/5/2011 10:22:36 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10 >
    Invalid Switch: 2011 10:22:36 PM | Computer Name = Jaime-PC | Source = WinMgmt | ID = 10


    < Description = >

    < >

    < Error - 11/5/2011 11:21:57 PM | Computer Name = Jaime-PC | Source = Application Error | ID = 1000 >
    Invalid Switch: 2011 11:21:57 PM | Computer Name = Jaime-PC | Source = Application Error | ID = 1000


    < Description = Faulting application name: Origin.exe, version: 8.3.1.9, time stamp: >

    < 0x4ea09629 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: >

    < 0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting process id: >

    < 0xb90 Faulting application start time: 0x01cc9c2af3a82306 Faulting application path: >

    < C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll >

    < Report >

    < Id: 7b4eb06b-0826-11e1-9767-002522183aa8 >

    < >

    < [ System Events ] >

    < Error - 11/5/2011 10:22:52 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001 >
    Invalid Switch: 2011 10:22:52 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001


    < Description = >

    < >

    < Error - 11/5/2011 10:23:30 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004 >
    Invalid Switch: 2011 10:23:30 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004


    < Description = >

    < >

    < Error - 11/5/2011 10:23:35 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 30013 >
    Invalid Switch: 2011 10:23:35 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 30013


    < Description = >

    < >

    < Error - 11/5/2011 10:23:47 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 30013 >
    Invalid Switch: 2011 10:23:47 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 30013


    < Description = >

    < >

    < Error - 11/5/2011 10:26:46 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001 >
    Invalid Switch: 2011 10:26:46 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001


    < Description = >

    < >

    < Error - 11/5/2011 11:20:40 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004 >
    Invalid Switch: 2011 11:20:40 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004


    < Description = >

    < >

    < Error - 11/5/2011 11:21:11 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001 >
    Invalid Switch: 2011 11:21:11 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001


    < Description = >

    < >

    < Error - 11/5/2011 11:21:41 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004 >
    Invalid Switch: 2011 11:21:41 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 31004


    < Description = >

    < >

    < Error - 11/5/2011 11:23:34 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001 >
    Invalid Switch: 2011 11:23:34 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001


    < Description = >

    < >

    < Error - 11/5/2011 11:25:48 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001 >
    Invalid Switch: 2011 11:25:48 PM | Computer Name = Jaime-PC | Source = ipnathlp | ID = 34001


    < Description = >

    < >

    < >

    < < End of report > >

    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Looks clean.

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  17. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
    Mozilla Firefox (3.5.6) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````


    I haven't run ESET yet since the site won't load for me. Anyway, I've managed to take a screenie which shows my PC automatically copying some files. It's been like that since the problem started, but it wasn't like that before; maybe it can offer some clues?

    [​IMG]
  18. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Try a different browser.

    Also...

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  19. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    Here they are. It's still there.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...


    C:\Windows.old\Documents and Settings\Jaime\Local Settings\Temp\ICReinstall\cnet_powerpoint_to_pdf_converter_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Windows.old\Documents and Settings\Jaime\Local Settings\Temp\ICReinstall\Facemoods.exe probably a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
    C:\Windows.old\Documents and Settings\Jaime\My Documents\Downloads\Programs\cnet_powerpoint_to_pdf_converter_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Windows.old\Documents and Settings\Jaime\My Documents\Downloads\Programs\SoftonicDownloader_for_hjsplit.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    D:\OCT 25 BACKUP\My Documents\Downloads\Programs\cnet_powerpoint_to_pdf_converter_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    D:\OCT 25 BACKUP\My Documents\Downloads\Programs\SoftonicDownloader_for_hjsplit.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
  20. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    At this point your computer is perfectly clean, so your issue can't be malware related.

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows Firewall, turn Windows Firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
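
    A read-only inventory of the entries that the clean-boot test above switches off, added here as an example (not part of the original post, and not a tool used in this thread). It assumes Windows PowerShell 2.0 or later run as Administrator; filtering on the binary's CompanyName is an approximation of msconfig's "Hide all Microsoft services", not its actual logic.

```powershell
# Lists what msconfig's Startup and Services tabs toggle, so the entries
# disabled during a clean-boot test can be reviewed. Changes nothing.

# Startup tab equivalents: Run keys and Startup folders, as reported by WMI.
$startup = Get-WmiObject Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# Services tab: auto-start services whose binary does not name Microsoft as
# the company in its version resource (assumption: this approximates the
# "Hide all Microsoft services" checkbox).
$services = Get-WmiObject Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object {
        # PathName may be quoted and carry arguments; pull out the executable.
        $path = $null
        if ($_.PathName -match '^\s*"([^"]+)"') { $path = $Matches[1] }
        elseif ($_.PathName -match '^\s*(.+?\.exe)') { $path = $Matches[1] }

        $company = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }

        New-Object PSObject -Property @{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            State       = $_.State
            Company     = $company
            Path        = $path
        }
    } |
    # Entries with no readable company name are kept: unknown is worth a look.
    Where-Object { $_.Company -notmatch 'Microsoft' }

# Caveat: a third-party service hosted inside svchost.exe reports Microsoft
# as its company and is filtered out here.
"--- Startup entries ---"
$startup | Sort-Object Location, Name | Format-Table -AutoSize -Wrap

"--- Non-Microsoft auto-start services ---"
$services | Sort-Object Company, Name |
    Format-Table Name, DisplayName, State, Company -AutoSize -Wrap
```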
  21. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    I'm using Win7. I did what you said but enabled some of the basic processes I need to use for this PC. Since the sound is random, going to update you if I hear it again. At least I know my PC is clean *phew* :) I can't seem to enable avast now though. All shields are down.
  22. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    I think you misunderstood me.
    What I posted in my previous reply is for testing purposes only.
    Obviously some programs (for the period of testing time) will be disabled.

    All I want you to do is to strictly follow my previous reply and let me know if the issue is present.
    We'll go from there.
  23. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    Done what you said and been running the machine for an hour and haven't encountered the sound :)
  24. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    OK, surely not an infection but one of your legit startups.

    For now.....

    Go back to "msconfig" and reverse all changes you just made.
    As I said it was for testing purposes only.

    Then complete final cleaning steps and when you're done we'll go back to your issue.

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  25. jadariin

    jadariin Newcomer, in training Topic Starter Posts: 17

    After a day of usage, I can say the problem is solved. Thanks so much broni :)

