
Think I have a rootkit... Help?



Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


FRST:

Scan result of Farbar Recovery Scan Tool Version: 31-08-2012 01

Ran by SYSTEM at 31-08-2012 20:06:04

Running from G:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2012-06-27] ()

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9913376 2009-12-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)

HKU\Guest\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-05] (Valve Corporation)

HKU\S2161\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-05] (Valve Corporation)

HKU\S2161\...\Run: [Google Update] "C:\Users\S2161\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-31] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.6.0.2

Startup: C:\Users\S2161\Start Menu\Programs\Startup\Trillian.lnk

ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-29] ()

==================== Drivers (Whitelisted) ===================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================


2012-08-12 17:10 - 2007-07-19 14:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll

2012-08-12 17:10 - 2007-06-20 16:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll

2012-08-12 17:10 - 2007-06-20 16:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll

2012-08-12 17:10 - 2007-05-16 12:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll

2012-08-12 17:10 - 2007-05-16 12:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

2012-08-12 17:10 - 2007-05-16 12:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll

2012-08-12 17:10 - 2007-05-16 12:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll

2012-08-12 17:10 - 2007-05-16 12:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll

2012-08-12 17:10 - 2007-05-16 12:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll

2012-08-12 17:10 - 2007-04-04 14:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll

2012-08-12 17:10 - 2007-04-04 14:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll

2012-08-12 17:10 - 2007-04-04 14:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll

2012-08-12 17:10 - 2007-03-15 12:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll

2012-08-12 17:10 - 2007-03-15 12:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll

2012-08-12 17:10 - 2007-03-12 12:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll

2012-08-12 17:10 - 2007-03-12 12:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

2012-08-12 17:10 - 2007-03-12 12:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll

2012-08-12 17:10 - 2007-03-12 12:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll

2012-08-12 17:10 - 2007-03-05 08:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll

2012-08-12 17:10 - 2007-03-05 08:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll

2012-08-12 17:10 - 2007-01-24 11:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll

2012-08-12 17:10 - 2007-01-24 11:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll

2012-08-12 17:10 - 2006-12-08 08:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll

2012-08-12 17:10 - 2006-12-08 08:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll

2012-08-12 17:10 - 2006-11-29 09:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll

2012-08-12 17:10 - 2006-11-29 09:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll

2012-08-12 17:10 - 2006-11-29 09:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll

2012-08-12 17:10 - 2006-11-29 09:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll

2012-08-12 17:10 - 2006-09-28 12:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll

2012-08-12 17:10 - 2006-09-28 12:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll

2012-08-12 17:10 - 2006-09-28 12:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll

2012-08-12 17:10 - 2006-07-28 05:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll

2012-08-12 17:10 - 2006-07-28 05:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll

2012-08-12 17:10 - 2006-07-28 05:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll

2012-08-12 17:10 - 2006-07-28 05:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll

2012-08-12 17:10 - 2006-05-31 03:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll

2012-08-12 17:10 - 2006-05-31 03:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll

2012-08-12 17:10 - 2006-03-31 08:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll

2012-08-12 17:10 - 2006-03-31 08:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll

2012-08-12 17:09 - 2012-08-30 05:59 - 00171034 ____A C:\Windows\DirectX.log

2012-08-12 17:09 - 2006-03-31 08:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll

2012-08-12 17:09 - 2006-03-31 08:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

2012-08-12 17:09 - 2006-03-31 08:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll

2012-08-12 17:09 - 2006-03-31 08:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll

2012-08-12 17:09 - 2006-02-03 04:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll

2012-08-12 17:09 - 2006-02-03 04:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll

2012-08-12 17:09 - 2006-02-03 04:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll

2012-08-12 17:09 - 2006-02-03 04:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll

2012-08-12 17:09 - 2006-02-03 04:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll

2012-08-12 17:09 - 2006-02-03 04:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll

2012-08-12 17:09 - 2005-12-05 14:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll

2012-08-12 17:09 - 2005-12-05 14:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll

2012-08-12 17:09 - 2005-07-22 15:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll

2012-08-12 17:09 - 2005-07-22 15:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll

2012-08-12 17:09 - 2005-05-26 11:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll

2012-08-12 17:09 - 2005-05-26 11:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll

2012-08-12 17:09 - 2005-03-18 13:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll

2012-08-12 17:09 - 2005-03-18 13:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll

2012-08-12 17:09 - 2005-02-05 15:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll

2012-08-12 17:09 - 2005-02-05 15:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

2012-08-12 16:23 - 2012-08-12 16:38 - 00000000 ____D C:\Users\S2161\Desktop\SmashLand-Final-1-0

2012-08-12 16:14 - 2012-08-12 16:17 - 18879992 ____A C:\Users\S2161\Desktop\SmashLand-Final-1-0.zip

2012-08-12 14:04 - 2012-08-31 08:26 - 00129024 __ASH C:\Users\S2161\Desktop\Thumbs.db

2012-08-12 07:43 - 2012-08-12 07:43 - 00000000 ____D C:\Users\S2161\AppData\Local\CrashRpt

2012-08-12 07:38 - 2012-08-12 07:38 - 00000000 ____D C:\Users\S2161\Documents\Square Enix

2012-08-12 07:38 - 2009-09-04 13:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll

2012-08-12 07:38 - 2007-04-04 14:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2012-08-12 07:36 - 2012-08-12 07:43 - 00000000 ____D C:\Users\S2161\Desktop\new_new_client

2012-08-11 18:11 - 2012-08-11 18:38 - 00000000 ____D C:\Users\All Users\Adobe

2012-08-11 18:06 - 2012-08-11 18:06 - 01018074 ____A C:\Users\S2161\Desktop\new_new_client.zip

2012-08-10 10:14 - 2012-08-10 10:14 - 00000000 ____D C:\Users\S2161\Documents\EVE

2012-08-10 10:14 - 2012-08-10 10:14 - 00000000 ____D C:\Users\All Users\CCP

2012-08-10 09:51 - 2012-08-10 09:51 - 00002027 ____A C:\Users\S2161\Desktop\EVE Online Launcher.lnk

2012-08-10 09:51 - 2012-08-10 09:51 - 00000000 ____D C:\Users\S2161\AppData\Local\CCP

2012-08-09 05:28 - 2012-08-09 05:28 - 00000222 ____A C:\Users\S2161\Desktop\Endless Space.url

2012-08-09 05:28 - 2010-05-26 07:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll

2012-08-09 05:28 - 2010-05-26 07:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2012-08-09 05:25 - 2012-08-09 05:25 - 00000222 ____A C:\Users\S2161\Desktop\Terraria.url

2012-08-09 05:25 - 2012-08-09 05:25 - 00000193 ____A C:\Users\S2161\Desktop\Cave Story+.url

2012-08-09 05:24 - 2012-08-09 05:24 - 00000222 ____A C:\Users\S2161\Desktop\Ys The Oath in Felghana.url

2012-08-09 05:22 - 2012-08-09 05:22 - 00000222 ____A C:\Users\S2161\Desktop\Ys Origin.url

2012-08-09 05:21 - 2012-08-09 05:21 - 00000221 ____A C:\Users\S2161\Desktop\Beat Hazard.url

2012-08-08 19:42 - 2012-08-29 16:47 - 00000000 ____D C:\Users\S2161\AppData\Roaming\vlc

2012-08-08 19:28 - 2012-08-08 20:02 - 00000000 ____D C:\Users\S2161\AppData\Roaming\Skype

2012-08-08 19:27 - 2012-08-08 19:28 - 00000000 ____D C:\Users\All Users\Skype

2012-08-08 19:27 - 2012-08-08 19:27 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2012-08-08 19:27 - 2012-08-08 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype

2012-08-07 16:17 - 2012-08-31 08:25 - 00012912 ____A C:\Windows\PFRO.log

2012-08-06 23:50 - 2012-08-06 23:50 - 00000000 ____D C:\Users\S2161\AppData\Roaming\LibreOffice

2012-08-06 23:39 - 2012-08-06 23:39 - 00001096 ____A C:\Users\Public\Desktop\LibreOffice 3.5.lnk

2012-08-06 23:38 - 2012-08-06 23:39 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.5

2012-08-06 19:42 - 2012-08-06 19:42 - 00000000 ____D C:\Program Files (x86)\CCP

2012-08-05 18:51 - 2012-08-05 19:45 - 211628032 ____A C:\Users\S2161\Desktop\LibO_3.5.5_Win_x86_install_multi.msi

2012-08-05 18:07 - 2012-08-05 18:07 - 00000979 ____A C:\Users\Public\Desktop\Winamp.lnk

2012-08-05 18:07 - 2009-09-04 13:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2012-08-05 18:07 - 2006-09-28 12:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll

2012-08-05 18:06 - 2012-08-05 18:06 - 00000000 ____D C:\Program Files (x86)\Winamp Detect

2012-08-05 18:06 - 2012-08-05 18:06 - 00000000 ____D C:\Program Files (x86)\VideoLAN

2012-08-05 18:05 - 2012-08-31 06:14 - 00000000 ____D C:\Program Files (x86)\Funmoods

2012-08-05 18:05 - 2012-08-31 06:01 - 00000000 ____D C:\Users\S2161\AppData\Local\Google

2012-08-05 18:05 - 2012-08-27 13:11 - 00000000 ____D C:\Users\S2161\AppData\Roaming\Winamp

2012-08-05 18:05 - 2012-08-05 18:07 - 00000000 ____D C:\Program Files (x86)\Winamp

2012-08-05 18:05 - 2012-08-05 18:05 - 00384844 ____A C:\Users\S2161\AppData\Local\funmoods-speeddial.crx

2012-08-05 18:02 - 2012-08-31 14:37 - 00000000 ____D C:\Program Files (x86)\Steam

2012-08-05 18:02 - 2012-08-05 18:02 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk

2012-08-05 17:02 - 2012-08-29 16:47 - 00000000 ____D C:\Users\S2161\Desktop\Drop In

2012-08-05 17:01 - 2012-08-05 17:01 - 00000000 ___AH C:\Users\S2161\Documents\Default.rdp

2012-08-04 20:40 - 2012-08-04 20:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2012-08-04 20:38 - 2009-12-11 12:25 - 07367200 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll

2012-08-04 20:38 - 2009-12-11 12:25 - 07367200 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSUSTORicon.dll

2012-08-04 20:38 - 2009-12-11 12:25 - 00232992 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys

2012-08-04 20:38 - 2009-12-11 12:24 - 00422432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtsUStor.dll

2012-08-04 13:53 - 2012-08-04 13:53 - 00000000 ____D C:\Users\S2161\AppData\Roaming\Malwarebytes

2012-08-04 13:52 - 2012-08-04 13:52 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-08-04 13:52 - 2012-08-04 13:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-04 13:52 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-04 13:31 - 2012-08-04 13:31 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

==================== 3 Months Modified Files ================================

2012-08-31 15:56 - 2009-07-13 21:13 - 00777976 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-31 15:53 - 2012-08-31 15:53 - 01450731 ____A (Farbar) C:\Users\S2161\Desktop\FRST64.exe

2012-08-31 15:20 - 2012-08-31 15:20 - 00001903 ____A C:\Users\S2161\Desktop\RKreport[1].txt

2012-08-31 15:18 - 2012-08-31 15:18 - 01376768 ____A C:\Users\S2161\Desktop\RogueKiller.exe

2012-08-31 15:06 - 2012-08-31 06:01 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034583557-2001096619-60903949-1000UA.job

2012-08-31 14:52 - 2012-08-31 14:52 - 00016801 ____A C:\Users\S2161\Desktop\DDS.txt

2012-08-31 14:52 - 2012-08-31 14:52 - 00008791 ____A C:\Users\S2161\Desktop\Attach.txt

2012-08-31 14:51 - 2012-08-31 14:51 - 00607260 ____R (Swearware) C:\Users\S2161\Desktop\dds.scr

2012-08-31 14:44 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-31 14:44 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-31 14:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-31 14:36 - 2009-07-13 20:51 - 00020960 ____A C:\Windows\setupact.log

2012-08-31 13:17 - 2012-08-31 13:17 - 00140363 ____A C:\Users\S2161\AppData\Local\census.cache

2012-08-31 13:16 - 2012-08-31 13:16 - 00072859 ____A C:\Users\S2161\AppData\Local\ars.cache

2012-08-31 13:10 - 2012-08-31 13:10 - 00000036 ____A C:\Users\S2161\AppData\Local\housecall.guid.cache

2012-08-31 13:03 - 2012-06-27 20:11 - 00142333 ____A C:\Windows\WindowsUpdate.log

2012-08-31 13:01 - 2012-08-31 13:01 - 00822640 ____A C:\Windows\Minidump\083112-36114-01.dmp

2012-08-31 13:01 - 2012-08-26 13:49 - 380673302 ____A C:\Windows\MEMORY.DMP

2012-08-31 12:48 - 2012-08-31 12:48 - 00016738 ____A C:\Windows\SysWOW64\CCCInstall_201208311648584959.log

2012-08-31 12:44 - 2012-08-31 12:44 - 00822848 ____A C:\Windows\Minidump\083112-38641-01.dmp

2012-08-31 12:36 - 2012-08-31 12:36 - 00007655 ____A C:\Users\S2161\AppData\Local\Resmon.ResmonCfg

2012-08-31 11:22 - 2012-08-29 15:49 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-08-31 11:22 - 2012-08-29 15:23 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-08-31 08:26 - 2012-08-12 14:04 - 00129024 __ASH C:\Users\S2161\Desktop\Thumbs.db

2012-08-31 08:25 - 2012-08-07 16:17 - 00012912 ____A C:\Windows\PFRO.log

2012-08-31 06:06 - 2012-08-31 06:01 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034583557-2001096619-60903949-1000Core.job

2012-08-31 06:02 - 2012-08-31 06:02 - 00002368 ____A C:\Users\S2161\Desktop\Google Chrome.lnk

2012-08-30 11:00 - 2012-08-30 11:00 - 00002129 ____A C:\Users\Public\Desktop\Allegiance.lnk

2012-08-30 06:00 - 2012-08-30 06:00 - 00001453 ____A C:\Users\Public\Desktop\Mass Effect 3.lnk

2012-08-30 05:59 - 2012-08-12 17:09 - 00171034 ____A C:\Windows\DirectX.log

2012-08-29 19:08 - 2012-08-29 18:56 - 117652419 ____A C:\Users\S2161\Desktop\allegsetup262.exe

2012-08-29 18:23 - 2012-08-29 18:23 - 00000533 ____A C:\Windows\KB893803v2.log

2012-08-29 15:49 - 2012-08-29 15:23 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-08-29 15:49 - 2012-08-29 15:23 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-08-29 14:29 - 2012-08-29 15:23 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

2012-08-29 14:17 - 2012-08-29 14:17 - 00000222 ____A C:\Users\S2161\Desktop\Blacklight Retribution.url

2012-08-29 12:37 - 2012-08-29 12:37 - 00419372 ____A C:\Users\S2161\Desktop\PowerDefragmenter.zip

2012-08-28 09:47 - 2012-08-28 09:47 - 00001841 ____A C:\Users\S2161\Desktop\Spark.lnk

2012-08-28 08:42 - 2012-08-28 08:42 - 00001126 ____A C:\Users\Public\Desktop\Foxit Reader.lnk

2012-08-28 08:05 - 2012-08-28 08:05 - 00001211 ____A C:\Users\S2161\Desktop\TeamSpeak 3 Client.lnk

2012-08-28 07:59 - 2012-08-28 07:57 - 32179616 ____A (TeamSpeak Systems GmbH) C:\Users\S2161\Desktop\TeamSpeak3-Client-win64-3.0.8.1.exe

2012-08-27 16:49 - 2012-08-27 16:49 - 00002377 ____A C:\Users\S2161\Documents\MumbleAutomaticCertificateBackup.p12

2012-08-27 16:40 - 2012-08-27 16:40 - 00001014 ____A C:\Users\Public\Desktop\Mumble.lnk

2012-08-27 09:56 - 2012-08-27 09:56 - 00001876 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk

2012-08-27 09:10 - 2012-08-27 09:07 - 91575080 ____A (En Masse Entertainment) C:\Users\S2161\Desktop\TERA-Setup.exe

2012-08-26 14:03 - 2012-08-26 14:03 - 00016738 ____A C:\Windows\SysWOW64\CCCInstall_201208261803249786.log

2012-08-26 13:50 - 2012-08-26 13:50 - 00823024 ____A C:\Windows\Minidump\082612-31293-01.dmp

2012-08-26 13:41 - 2012-08-26 13:41 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll

2012-08-26 13:40 - 2012-08-26 13:40 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll

2012-08-26 13:40 - 2012-08-26 13:40 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat

2012-08-26 13:40 - 2012-08-26 13:40 - 00204952 ____A C:\Windows\System32\ativvsvl.dat

2012-08-26 13:40 - 2012-08-26 13:40 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat

2012-08-26 13:40 - 2012-08-26 13:40 - 00157144 ____A C:\Windows\System32\ativvsva.dat

2012-08-26 13:40 - 2012-08-26 13:40 - 00003917 ____A C:\Windows\SysWOW64\atipblag.dat

2012-08-26 13:40 - 2012-08-26 13:40 - 00003917 ____A C:\Windows\System32\atipblag.dat

2012-08-15 12:26 - 2012-08-15 12:25 - 52927754 ____A C:\Users\S2161\Desktop\DGEmu - 1549 - MegaMan ZX Advent (U)(Xenophobia).zip

2012-08-15 12:26 - 2012-08-15 12:25 - 43684351 ____A C:\Users\S2161\Desktop\DGEmu - 4986 - Megaman Zero Collection (U)(VENOM).zip

2012-08-15 12:25 - 2012-08-15 12:25 - 01549882 ____A C:\Users\S2161\Desktop\desmume-0.9.8-win64.zip

2012-08-12 16:17 - 2012-08-12 16:14 - 18879992 ____A C:\Users\S2161\Desktop\SmashLand-Final-1-0.zip

2012-08-11 18:13 - 2012-06-28 20:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-11 18:13 - 2012-06-28 20:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-11 18:06 - 2012-08-11 18:06 - 01018074 ____A C:\Users\S2161\Desktop\new_new_client.zip

2012-08-10 09:51 - 2012-08-10 09:51 - 00002027 ____A C:\Users\S2161\Desktop\EVE Online Launcher.lnk

2012-08-09 05:28 - 2012-08-09 05:28 - 00000222 ____A C:\Users\S2161\Desktop\Endless Space.url

2012-08-09 05:25 - 2012-08-09 05:25 - 00000222 ____A C:\Users\S2161\Desktop\Terraria.url

2012-08-09 05:25 - 2012-08-09 05:25 - 00000193 ____A C:\Users\S2161\Desktop\Cave Story+.url

2012-08-09 05:24 - 2012-08-09 05:24 - 00000222 ____A C:\Users\S2161\Desktop\Ys The Oath in Felghana.url

2012-08-09 05:22 - 2012-08-09 05:22 - 00000222 ____A C:\Users\S2161\Desktop\Ys Origin.url

2012-08-09 05:21 - 2012-08-09 05:21 - 00000221 ____A C:\Users\S2161\Desktop\Beat Hazard.url

2012-08-08 19:27 - 2012-08-08 19:27 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2012-08-07 16:32 - 2012-06-27 19:05 - 00067392 ____A C:\Users\S2161\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-07 16:17 - 2009-07-13 20:45 - 00310912 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-06 23:39 - 2012-08-06 23:39 - 00001096 ____A C:\Users\Public\Desktop\LibreOffice 3.5.lnk

2012-08-05 19:45 - 2012-08-05 18:51 - 211628032 ____A C:\Users\S2161\Desktop\LibO_3.5.5_Win_x86_install_multi.msi

2012-08-05 18:07 - 2012-08-05 18:07 - 00000979 ____A C:\Users\Public\Desktop\Winamp.lnk

2012-08-05 18:05 - 2012-08-05 18:05 - 00384844 ____A C:\Users\S2161\AppData\Local\funmoods-speeddial.crx

2012-08-05 18:02 - 2012-08-05 18:02 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk

2012-08-05 17:01 - 2012-08-05 17:01 - 00000000 ___AH C:\Users\S2161\Documents\Default.rdp

2012-08-04 20:40 - 2012-08-04 20:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2012-08-04 13:41 - 2012-07-10 04:21 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job

2012-07-27 20:09 - 2012-07-27 20:09 - 05538984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll

2012-07-27 20:07 - 2012-07-27 20:07 - 10278912 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys

2012-07-27 19:43 - 2012-07-27 19:43 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.982.dll

2012-07-27 19:19 - 2012-07-27 19:19 - 24935424 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll

2012-07-27 18:50 - 2012-07-27 18:50 - 20546560 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll

2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\SysWOW64\atiapfxx.blb

2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\System32\atiapfxx.blb

2012-07-27 18:15 - 2012-07-27 18:15 - 00931328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

2012-07-27 18:15 - 2012-07-27 18:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe

2012-07-27 18:13 - 2012-07-27 18:13 - 01100288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll

2012-07-27 18:10 - 2012-07-27 18:10 - 00534528 ____A (AMD) C:\Windows\System32\atieclxx.exe

2012-07-27 18:10 - 2012-07-27 18:10 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll

2012-07-27 18:09 - 2012-07-27 18:09 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe

2012-07-27 18:08 - 2012-07-27 18:08 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll

2012-07-27 18:08 - 2012-07-27 18:08 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll

2012-07-27 18:07 - 2012-07-27 18:07 - 06430208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

2012-07-27 18:07 - 2012-07-27 18:07 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll

2012-07-27 18:07 - 2012-07-27 18:07 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll

2012-07-27 17:51 - 2012-07-27 17:51 - 07052288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll

2012-07-27 17:41 - 2012-07-27 17:41 - 04266496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll

2012-07-27 17:39 - 2012-07-27 17:39 - 03150560 ____A C:\Windows\System32\atiumd6a.cap

2012-07-27 17:35 - 2012-07-27 17:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll

2012-07-27 17:35 - 2012-07-27 17:35 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll

2012-07-27 17:35 - 2012-07-27 17:35 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll

2012-07-27 17:35 - 2012-07-27 17:35 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll

2012-07-27 17:34 - 2012-07-27 17:34 - 16034304 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll

2012-07-27 17:32 - 2012-07-27 17:32 - 04751872 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll

2012-07-27 17:30 - 2012-07-27 17:30 - 13605888 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll

2012-07-27 17:30 - 2012-07-27 17:30 - 03187136 ____A C:\Windows\SysWOW64\atiumdva.cap

2012-07-27 17:25 - 2012-07-27 17:25 - 06676480 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll

2012-07-27 17:15 - 2012-07-27 17:15 - 00540160 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll

2012-07-27 17:15 - 2012-07-27 17:15 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

2012-07-27 17:15 - 2012-07-27 17:15 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll

2012-07-27 17:15 - 2012-07-27 17:15 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll

2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll

2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll

2012-07-27 17:14 - 2012-07-27 17:14 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys

2012-07-27 17:14 - 2012-07-27 17:14 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

2012-07-27 17:13 - 2012-07-27 17:13 - 00129536 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll

2012-07-27 17:13 - 2012-07-27 17:13 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

2012-07-27 17:13 - 2012-07-27 17:13 - 00103936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll

2012-07-27 17:13 - 2012-07-27 17:13 - 00083456 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll

2012-07-27 17:12 - 2012-07-27 17:12 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll

2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll

2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll

2012-07-16 01:33 - 2012-07-16 01:33 - 00038557 ____A C:\Windows\atiogl.xml

2012-07-03 09:46 - 2012-08-04 13:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-30 16:02 - 2012-06-30 16:02 - 00057968 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-28 19:49 - 2012-06-28 19:49 - 00000020 __ASH C:\Users\Guest\ntuser.ini

2012-06-27 21:07 - 2012-06-27 21:07 - 00008192 _RASH C:\BOOTSECT.BAK

2012-06-27 21:07 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG

2012-06-27 21:07 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template

2012-06-27 20:10 - 2012-06-27 20:10 - 00001313 ____A C:\Windows\TSSysprep.log

2012-06-27 20:10 - 2009-07-13 20:46 - 00001774 ____A C:\Windows\DtcInstall.log

2012-06-27 19:08 - 2012-06-27 19:08 - 00003584 ____A C:\Users\S2161\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-27 19:04 - 2012-06-27 19:04 - 00000000 ____A C:\Windows\ativpsrm.bin

2012-06-27 18:59 - 2012-06-27 18:58 - 00005786 ____A C:\Windows\DPINST.LOG

2012-06-27 18:58 - 2012-06-27 18:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf

2012-06-27 18:54 - 2012-06-27 18:55 - 00206208 ____A () C:\Windows\PLFSetI.exe

2012-06-27 18:54 - 2012-06-27 18:55 - 00000302 ____A C:\Windows\PidList_C.ini

2012-06-27 18:23 - 2012-06-27 18:21 - 00007369 ____A C:\Users\S2161\AppData\Local\HWVendorDetection.log

2012-06-27 18:21 - 2012-06-27 18:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-06-27 18:09 - 2012-06-27 18:09 - 00000020 ___SH C:\Users\S2161\ntuser.ini

2012-06-27 18:08 - 2012-06-27 18:08 - 00772430 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-06-27 17:59 - 2012-06-27 17:59 - 00411368 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-06-27 17:59 - 2012-06-27 17:59 - 00153376 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-06-27 17:59 - 2012-06-27 17:59 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-06-27 17:59 - 2012-06-27 17:59 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-06-04 23:37 - 2012-08-31 13:11 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-29 15:23:04

Restore point made on: 2012-08-30 05:58:24

Restore point made on: 2012-08-31 12:40:49

==================== Memory info ===========================

Percentage of memory in use: 13%

Total physical RAM: 3958.71 MB

Available physical RAM: 3408.3 MB

Total Pagefile: 3956.86 MB

Available Pagefile: 3402.45 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:283.99 GB) (Free:155.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:1.79 GB) NTFS

5 Drive g: () (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B
  Disk 1    Online         3863 MB      0 B

Partitions of Disk 0:

===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            14 GB    31 KB
  Partition 2    Primary            101 MB    14 GB
  Partition 3    Primary            283 GB    14 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E PQSERVICE NTFS Partition 14 GB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D RAW Partition 101 MB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3863 MB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT32 Removable 3863 MB Healthy

==================================================================================

Last Boot: 2012-08-26 20:37

==================== End Of Log =============================

Search:

Farbar Recovery Scan Tool Version: 31-08-2012 01

Ran by SYSTEM at 2012-08-31 20:08:21

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Link to post
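The services.exe search result in the log above lists two copies with the same size and MD5. The same comparison done programmatically, as an added example that is not part of the thread or of FRST; the function names are assumptions, and the sample input is copied from the log with the blank lines dropped:

```python
import re
from collections import defaultdict

# Search output copied from the log above (blank lines dropped).
SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

# Metadata line: [created] - [modified] - size attributes (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\.+$")


def parse_search(text):
    """Return one record per file: path, size, company and MD5."""
    records, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = META.match(line)
        if m and path:
            records.append({"path": path, "size": int(m["size"]),
                            "company": m["company"], "md5": m["md5"].upper()})
            path = None
        elif PATH.match(line):
            path = line
    return records


def mismatched_copies(records):
    """Group copies by file name; return names whose copies differ in size or MD5."""
    groups = defaultdict(set)
    for r in records:
        name = r["path"].rsplit("\\", 1)[-1].lower()
        groups[name].add((r["size"], r["md5"]))
    return {name: sorted(v) for name, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    recs = parse_search(SEARCH_LOG)
    print(len(recs), "copies parsed; mismatches:", mismatched_copies(recs) or "none")
```

Matching copies only show that the two files are identical to each other; checking the hash against a known-good value from a trusted source is a separate step.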

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Link to post

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • Sometimes these logs can be very large; in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post

I wanted to run ComboFix but there seems to be a problem when run on a system that's on a network, so we'll skip that for now.

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Reboot and scan the system with RogueKiller again and post the new log.

Please let me know how the computer is running now, MrC

Link to post

Nothing came up in the MBAM scan. However, on startup it said it detected the rootkit starting up and stopped it. I selected the quarantine option and went ahead with the scan. Log from RogueKiller attached.

If needed I can disconnect the infected machine from any network and remove any homegroup associated (It has one that I used at home but I have no use for it anymore).

RKreport2.txt

Link to post

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~~~~~~

What anti-virus program are you using??

MrC

Link to post

Malwarebytes is great but not a substitute for an anti-virus program.

It's designed to work alongside your anti-virus program.

I suggest you install Avast (free), update it and run a scan. (it may find items already quarantined by some of the other programs we have run)

http://www.avast.com/en-us/index

Let me know

Link to post

Did another quick scan with Avast after quarantining the files found from the first scan (one file was unaffected but in another program's quarantine), no threats found. No popups about rootkits from either Avast or MBAM, no more redirects. I will be back tomorrow for any further instruction; until then I'll just leave it turned off and disconnected from any network. Thank you very much for your help so far!

(Sorry about yet another double post).

Link to post

If it's OK.............

Let's check your computer's security before you go:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC

Link to post

Results of screen317's Security Check version 0.99.49

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 20

Java version out of Date!

Adobe Flash Player 11.3.300.268 Flash Player out of Date!

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 10%

````````````````````End of Log``````````````````````

Link to post

Windows 7 x64 (UAC is enabled)

Out of date service pack!! <-----need to update windows

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java™ 6 Update 20 <---uninstall from add/remove programs <> install the latest version

Java version out of Date!

Adobe Flash Player 11.3.300.268 Flash Player out of Date! <---update

Google Chrome 21.0.1180.89

You have outdated programs on the system which are vulnerable to malware.

Please update or delete them.

Info on doing that can be found in my Preventive Maintenance below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post

This topic is now closed to further replies.