dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
5534
Majawba
join:2012-09-26
Brockton, MA

1 edit

Majawba

Member

[Virus] My browsers were Hijacked

Didn't matter which Browser I used - IE, Firefox, Chrome
I would google something, then when I tried to follow the link I was redirected to a spammy site.
I followed all the steps in the "before you post" FAQ. So I will now post those logs below.

So my question is did I get everything cleaned out?
Majawba

Majawba

Member

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve :: MININT-219G9RR [administrator]

9/25/2012 10:53:14 PM
mbam-log-2012-09-25 (22-53-14).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 426038
Time elapsed: 52 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\n (Trojan.0Access) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-943956546-1219100726-2847664145-1002\$897557db40356dc477bcd07a7131fdbe\n (Trojan.0Access) -> Delete on reboot.
C:\Users\Steve\Downloads\7zip_installer_d154745.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Steve\Downloads\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Steve\Downloads\Softango_VideoConverter_Multi.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

(end)

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

otl

OTL logfile created on: 9/26/2012 6:29:20 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 6.09 Gb Available Physical Memory | 77.39% Memory free
15.73 Gb Paging File | 13.76 Gb Available in Paging File | 87.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.84 Gb Total Space | 466.08 Gb Free Space | 50.78% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.50 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
Drive E: | 139.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-219G9RR | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/09/25 21:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2012/07/30 22:25:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/23 18:11:43 | 000,162,032 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/06/14 18:42:37 | 001,530,608 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/06/14 18:42:36 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2012/09/07 20:53:56 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/12/01 15:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [On_Demand | Stopped] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 12:44:44 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/30 22:25:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/01 10:06:44 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/24 16:09:00 | 004,164,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/07/23 18:11:43 | 000,162,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/06/14 18:42:37 | 001,530,608 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/06/14 18:42:36 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/27 12:13:28 | 000,061,440 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/11/18 11:30:18 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/12 15:07:19 | 000,038,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/03/02 22:34:09 | 000,141,304 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2010/03/02 22:34:09 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2009/11/21 17:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 07:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/26 16:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/24 19:28:52 | 000,036,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 19:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009/02/17 19:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\..\SearchScopes,DefaultScope = {7414309B-E4C4-41DF-909F-8D7581005AE7}
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\..\SearchScopes\{7414309B-E4C4-41DF-909F-8D7581005AE7}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20111003&iesrc={referrer:source}
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/25 01:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/25 01:44:05 | 000,000,000 | ---D | M]

[2012/09/21 21:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/09/25 01:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.msn.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Fruity Annie = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf\1.0.4_0\
CHR - Extension: Gmail = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/25 22:06:59 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15262 more lines...
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-943956546-1219100726-2847664145-1002..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-943956546-1219100726-2847664145-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-943956546-1219100726-2847664145-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E1B26101-23FB-4855-9171-F79F29CC7728} http://192.168.1.107/UltraCamX.cab (UltraCamX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9EC0F7-1EFA-42EF-A7C9-013E4D01474C}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/17 08:50:21 | 000,000,000 | ---D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2010/03/17 08:50:06 | 003,108,864 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/03/17 08:50:07 | 000,000,048 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6aee6c4d-7786-11e0-9dbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6aee6c4d-7786-11e0-9dbe-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010/03/17 08:50:06 | 003,108,864 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Majawba
join:2012-09-26
Brockton, MA

Majawba

Member

Re: [Virus] My browsers were Hijacked

OTL Extras logfile created on: 9/26/2012 6:29:20 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 6.09 Gb Available Physical Memory | 77.39% Memory free
15.73 Gb Paging File | 13.76 Gb Available in Paging File | 87.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.84 Gb Total Space | 466.08 Gb Free Space | 50.78% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.50 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
Drive E: | 139.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-219G9RR | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A2AA1000-7C41-4BBB-A4DE-C728BC104106}" = IPSetup
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A760067A-C07E-1033-0000-A764AC000003}" = Avery Template - U_0088_01_P
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CA328CDF-A284-445E-AAE7-B24A11E97201}" = MechWarrior Online
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATC_is1" = Advanced Tactical Center™ 1.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFGC" = Big Fish Games: Game Manager
"Compare It!_is1" = Compare It!
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"GFWL_{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"HijackThis" = HijackThis 1.99.1
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"RealPlayer 15.0" = RealPlayer
"RegInOut System Utilities 3.0.0.2" = RegInOut System Utilities 3.0.0.2
"RER Video Converter_is1" = RER Video Converter
"Snood 4_is1" = Snood 4
"Steam App 13140" = America's Army 3
"Steam App 202610" = Risen 2 Demo
"Steam App 208030" = Moon Breakers
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
"The Ur-Quan Masters" = The Ur-Quan Masters 0.7.0
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"xvid" = XviD MPEG-4 Video Codec
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-943956546-1219100726-2847664145-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4f004f4a-1930-4b55-83e6-61660211787f}" = MechWarrior Online
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 9/25/2012 11:53:28 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12417

Error - 9/25/2012 11:53:29 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/25/2012 11:53:29 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13416

Error - 9/25/2012 11:53:29 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13416

Error - 9/25/2012 11:53:30 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/25/2012 11:53:30 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14414

Error - 9/25/2012 11:53:30 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14414

Error - 9/26/2012 6:27:30 AM | Computer Name = MININT-219G9RR | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 9/26/2012 6:28:01 AM | Computer Name = MININT-219G9RR | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 9/26/2012 6:36:09 AM | Computer Name = MININT-219G9RR | Source = CVHSVC | ID = 100
Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

[ System Events ]
Error - 9/26/2012 6:22:07 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 9/26/2012 6:22:07 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 9/26/2012 6:25:52 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 9/26/2012 6:25:54 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 9/26/2012 6:25:55 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 9/26/2012 6:26:00 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 9/26/2012 6:26:00 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7003
Description = The SBSD Security Center Service service depends the following service:
wscsvc. This service might not be installed.

Error - 9/26/2012 6:26:37 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 9/26/2012 6:26:37 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 9/26/2012 6:27:26 AM | Computer Name = MININT-219G9RR | Source = DCOM | ID = 10016
Description =

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

Re: otl

[color=#E56717]========== Files/Folders - Created Within 360 Days ==========[/color]

[2012/09/25 22:51:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2012/09/25 22:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/25 22:50:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/25 22:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/25 22:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/25 21:33:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/09/25 21:32:11 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/25 21:31:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe
[2012/09/25 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/25 21:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/25 21:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/09/25 18:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRENDnet
[2012/09/25 18:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TRENDnet
[2012/09/25 01:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/09/25 01:43:02 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/09/25 01:42:56 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/09/25 01:42:56 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/09/25 01:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/09/25 01:42:55 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/09/24 06:14:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Wizards of the Coast
[2012/09/23 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Risen2
[2012/09/23 21:38:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/09/23 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Shiner
[2012/09/23 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Secret Files 3
[2012/09/23 17:22:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Dynamite Jack
[2012/09/23 09:32:52 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Book of Unwritten Tales - Demo
[2012/09/23 09:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/09/23 09:01:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\uqm
[2012/09/23 09:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Ur-Quan Masters
[2012/09/22 18:28:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Windows Live
[2012/09/22 16:25:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/22 03:00:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 03:00:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 03:00:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 03:00:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 03:00:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 03:00:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 03:00:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 03:00:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 03:00:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 03:00:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 03:00:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 03:00:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 03:00:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 03:00:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 03:00:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/21 21:00:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Mozilla
[2012/09/21 21:00:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Mozilla
[2012/09/21 21:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/21 21:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/21 21:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/11 20:04:32 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/11 20:04:31 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/11 20:04:30 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/11 20:04:30 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/06 22:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3 Demo
[2012/09/05 03:00:32 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/05 03:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/05 03:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/08/30 00:16:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Subversion
[2012/08/29 23:58:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\fltk.org
[2012/08/29 23:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/08/29 23:56:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\flightgear.org
[2012/08/29 23:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\flightgear.org
[2012/08/29 23:56:05 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/08/29 23:56:04 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/08/29 23:56:04 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/08/29 23:56:04 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/08/29 23:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/08/29 23:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\FlightGear
[2012/08/29 23:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/08/29 23:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/08/29 15:46:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Games for Windows - LIVE Demos
[2012/08/29 04:02:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Chromium
[2012/08/29 03:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2012/08/29 03:24:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012/08/29 03:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/08/29 03:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012/08/29 02:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/08/29 02:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/08/29 02:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/08/14 13:19:12 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/14 13:19:07 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/14 13:19:06 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/14 13:19:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/14 13:19:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/14 13:19:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/14 13:19:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/14 13:18:57 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/08 04:13:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Package Cache
[2012/07/30 22:22:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\America's Army 3
[2012/07/30 11:27:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\My Games
[2012/07/30 11:27:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\My Games
[2012/07/30 10:38:29 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/30 10:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/30 10:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/30 10:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/11 08:15:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 08:15:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 08:14:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 08:14:55 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 08:14:54 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/09 17:36:57 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/07/09 17:36:57 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/07/09 17:36:57 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/07/09 17:36:57 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/07/09 17:36:51 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/07/09 17:36:51 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/07/09 17:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/08 16:58:32 | 000,295,936 | ---- | C] (Thrustmaster) -- C:\Windows\SysNative\tmffbcpl.dll
[2012/07/08 16:58:32 | 000,208,304 | ---- | C] (Macrovision Corporation) -- C:\Windows\SysNative\isrt.dll
[2012/07/08 16:58:32 | 000,102,832 | ---- | C] (Macrovision Corporation) -- C:\Windows\SysNative\_IsRes.dll
[2012/07/08 16:58:32 | 000,041,984 | ---- | C] (Thrustmaster) -- C:\Windows\SysNative\tmffbdrv.dll
[2012/07/08 16:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thrustmaster
[2012/07/08 16:58:18 | 000,253,952 | ---- | C] (Thrustmaster) -- C:\Windows\SysWow64\tmffbcpl.dll
[2012/07/08 16:58:18 | 000,034,304 | ---- | C] (Thrustmaster) -- C:\Windows\SysWow64\tmffbdrv.dll
[2012/07/08 16:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thrustmaster
[2012/07/08 16:58:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\InstallShield
[2012/07/06 21:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/06 21:45:27 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/06 21:45:27 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/06 21:45:27 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/07/06 21:45:27 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/07/06 21:45:27 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/07/06 21:45:27 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/07/06 21:45:27 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/07/06 21:45:27 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/07/06 21:45:26 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/06 21:45:26 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/06 21:45:26 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/06 21:45:26 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/06 21:45:26 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/06 21:45:26 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/06 21:45:26 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/06 21:45:26 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/06 21:45:26 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/06/26 17:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2012/06/25 20:04:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/25 20:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/25 20:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/25 20:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/23 22:01:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\RealNetworks
[2012/06/23 21:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/06/23 21:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/06/23 21:55:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Real
[2012/06/21 07:45:49 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 07:45:49 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 07:45:49 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 07:45:45 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 07:45:45 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 07:45:45 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 07:45:41 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 07:45:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/12 21:57:05 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 21:57:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 21:57:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 21:56:57 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 21:56:56 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 21:56:56 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 21:56:49 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 21:56:45 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 21:56:45 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/10 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\CyberLink
[2012/06/10 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\CyberLink
[2012/06/10 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Cyberlink
[2012/06/10 22:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/05/24 21:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/05/17 18:10:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Diablo III
[2012/05/17 05:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/17 05:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/14 09:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 09:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/14 09:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/09 00:05:27 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/30 23:04:00 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Phantasmat_bf_se1
[2012/04/30 22:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2012/04/26 05:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/04/26 05:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/04/14 10:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compare It!
[2012/04/14 10:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Compare It!
[2012/04/14 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\registry
[2012/04/12 03:00:25 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/12 03:00:25 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 03:00:25 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/01 10:06:44 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 20:01:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\BioWare
[2012/03/31 18:34:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Apple Computer
[2012/03/31 18:34:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apple Computer
[2012/03/31 18:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/31 18:34:43 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/03/31 18:34:43 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/03/31 18:34:43 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/03/31 18:34:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/03/31 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/31 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/31 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/31 18:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/03/31 18:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/03/31 18:34:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apple
[2012/03/31 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/03/31 18:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/31 18:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/03/31 18:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/03/31 18:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/03/31 18:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/03/17 12:00:55 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/03/17 12:00:55 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/03/17 12:00:55 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/03/17 12:00:55 | 000,188,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/03/17 12:00:55 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/03/17 11:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/17 11:57:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/17 11:57:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/17 11:57:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/17 11:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/14 06:27:46 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 06:27:46 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/07 22:22:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2012/03/07 22:22:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\.thumbnails
[2012/03/07 22:14:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\gegl-0.0
[2012/03/07 22:14:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\.gimp-2.6
[2012/03/07 22:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012/03/07 22:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2012/02/28 00:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/02/27 23:52:01 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\.minecraft
[2012/02/15 20:24:41 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 20:24:40 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 20:24:40 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 20:24:34 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 11:01:50 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012/02/15 11:01:50 | 000,052,736 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2012/01/15 11:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/01/15 11:29:29 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012/01/15 11:29:01 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2012/01/15 10:54:47 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/15 10:54:47 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/15 10:54:47 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/15 10:54:47 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/15 10:54:47 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/15 10:54:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/15 10:29:54 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/01/15 10:29:54 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/01/15 10:29:54 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/01/15 10:29:54 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/01/15 10:29:54 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/01/11 14:07:34 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 14:07:34 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 14:07:34 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 14:07:34 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 14:07:32 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 14:07:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 14:07:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011/12/20 22:49:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\SWTOR
[2011/12/20 22:49:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\HeroBlade Logs
[2011/12/20 20:35:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Unity
[2011/12/20 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/20 19:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/12/14 19:45:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 19:45:30 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 19:45:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/09 10:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/12/09 10:34:19 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/12/09 10:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2011/11/22 07:29:34 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/11/22 07:29:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/11/21 17:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011/11/21 09:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011/11/21 09:09:43 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/11/21 09:09:43 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/11/21 09:09:43 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/11/21 09:09:43 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/11/21 09:09:43 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/11/21 09:09:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/11/21 09:09:42 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/11/21 09:09:42 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/11/21 09:09:42 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/11/21 09:09:42 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/11/21 09:09:42 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/11/21 09:09:42 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/11/21 09:09:42 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/11/21 09:09:41 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/11/21 09:09:41 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/11/21 09:09:41 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/11/21 09:09:41 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/11/21 09:09:41 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/11/21 09:09:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/11/21 09:09:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/11/21 09:09:41 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/11/21 09:09:41 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/11/21 09:09:41 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/11/21 09:09:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/11/21 09:09:41 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/11/21 09:09:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/11/21 09:09:40 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/11/21 09:09:40 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/11/21 09:09:40 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/11/21 09:09:40 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/11/21 09:09:39 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/11/21 09:09:39 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/11/21 09:09:39 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/11/21 09:09:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/11/21 09:09:39 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/11/21 09:09:39 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/11/21 09:09:38 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/11/21 09:09:38 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/11/21 09:09:38 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/11/21 09:09:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/11/21 09:09:37 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/11/21 09:09:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/11/21 09:09:37 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/11/21 09:09:37 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/11/21 09:09:37 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/11/21 09:09:37 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/11/21 09:09:37 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/11/21 09:09:37 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/11/21 09:09:37 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/11/21 09:09:37 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/11/21 09:09:36 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/11/21 09:09:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/11/21 09:09:36 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/11/21 09:09:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/11/21 09:09:35 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/11/21 09:09:35 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/11/21 09:09:35 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/11/21 09:09:35 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/11/21 09:09:35 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/11/21 09:09:35 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/11/21 09:09:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/11/21 09:09:35 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/11/21 09:09:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/11/21 09:09:35 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/11/21 09:09:35 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/11/21 09:09:35 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/11/21 09:09:35 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/11/21 09:09:35 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/11/21 09:09:35 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/11/21 09:09:35 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/11/21 09:09:34 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/11/21 09:09:34 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/11/21 09:09:34 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/11/21 09:09:33 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/11/21 09:09:33 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/11/21 09:09:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/11/21 09:09:33 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/11/21 09:09:33 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/11/21 09:09:33 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/11/21 09:09:33 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/11/21 09:09:33 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/11/21 09:09:32 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/11/21 09:09:32 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/11/21 09:09:32 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/11/21 09:09:32 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/11/21 09:09:32 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/11/21 09:09:32 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/11/21 09:09:32 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/11/21 09:09:32 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/11/21 09:09:32 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/11/21 09:09:32 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/11/21 09:09:32 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/11/21 09:09:32 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/11/21 09:09:31 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/11/21 09:09:31 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/11/21 09:09:31 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/11/21 09:09:31 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/11/21 09:09:30 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/11/21 09:09:30 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/11/21 09:09:30 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/11/21 09:09:30 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/11/21 09:09:30 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/11/21 09:09:30 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/11/21 09:09:30 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/11/21 09:09:30 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/11/21 09:09:29 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/11/21 09:09:29 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/11/21 09:09:29 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/11/21 09:09:29 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/11/21 09:09:28 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/11/21 09:09:28 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/11/21 09:09:28 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/11/21 09:09:28 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/11/21 09:09:27 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/11/21 09:09:27 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/11/21 09:09:27 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/11/21 09:09:27 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/11/21 09:09:27 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/11/21 09:09:27 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/11/21 09:09:26 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/11/21 09:09:26 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/11/21 09:09:26 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/11/21 09:09:26 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/11/21 09:09:26 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/11/21 09:09:26 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/11/21 09:09:26 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/11/21 09:09:26 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/11/21 09:09:26 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/11/21 09:09:26 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/11/21 09:09:25 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/11/21 09:09:25 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/11/21 09:09:25 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/11/21 09:09:25 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/11/21 09:09:25 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/11/21 09:09:25 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/11/21 09:09:25 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/11/21 09:09:25 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/11/21 09:09:24 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/11/21 09:09:24 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/11/21 09:09:24 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/11/21 09:09:24 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/11/21 09:09:24 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/11/21 09:09:24 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/11/21 09:09:24 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/11/21 09:09:24 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/11/21 09:09:23 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/11/21 09:09:23 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/11/21 09:09:23 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/11/21 09:09:23 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/11/21 09:09:23 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/11/21 09:09:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/11/21 09:09:23 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/11/21 09:09:23 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/11/21 09:09:23 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/11/21 09:09:23 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/11/21 09:09:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/11/21 09:09:23 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/11/21 09:09:19 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/11/21 09:09:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/11/21 09:09:18 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/11/21 09:09:18 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/11/21 09:09:18 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/11/21 09:09:18 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/11/21 09:09:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/11/21 09:09:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/11/21 09:09:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/11/21 09:09:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/11/21 09:09:17 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/11/21 09:09:17 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/11/21 09:09:16 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/11/21 09:09:16 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/11/21 09:09:16 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/11/21 09:09:16 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/11/21 09:09:15 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/11/21 09:09:15 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/11/21 07:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/11/18 12:53:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\ASUS
[2011/11/18 12:51:54 | 005,473,280 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKOSDX64.dll
[2011/11/18 12:51:54 | 005,463,552 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysWow64\ATKOSDX32.dll
[2011/11/18 12:51:54 | 002,212,864 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKDispCPL.dll
[2011/11/18 12:51:54 | 001,354,240 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atklumdispx.dll
[2011/11/18 12:51:54 | 000,151,040 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atkdx11dispx.dll
[2011/11/18 12:51:54 | 000,150,528 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atkdx10dispx.dll
[2011/11/18 12:51:54 | 000,102,400 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\NetVideo_SBS.ax
[2011/11/18 12:51:54 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devcon.exe
[2011/11/18 12:51:54 | 000,063,488 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKFUSService.exe
[2011/11/18 12:51:54 | 000,039,424 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys
[2011/11/18 12:51:54 | 000,039,424 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\ATKDispLowFilter.sys
[2011/11/18 12:51:54 | 000,017,792 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\asusgsb.sys
[2011/11/18 12:51:54 | 000,017,792 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\asusgsb.sys
[2011/11/18 12:51:54 | 000,016,896 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKOGL64.dll
[2011/11/18 12:51:54 | 000,015,360 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysWow64\ATKOGL32.dll
[2011/11/18 12:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2011/11/18 12:51:53 | 001,336,320 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\ATKLUMDISP.dll
[2011/11/18 12:51:53 | 000,135,168 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\atkdx11disp.dll
[2011/11/18 12:51:53 | 000,135,168 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\atkdx10disp.dll
[2011/11/18 12:51:53 | 000,102,400 | ---- | C] (ASMedia Techonology) -- C:\Windows\ASMT_CE.dll
[2011/11/18 12:51:53 | 000,071,680 | ---- | C] (ASMedia Technology) -- C:\Windows\i2c.dll
[2011/11/18 12:51:53 | 000,069,632 | ---- | C] (ASMedia Technology) -- C:\Windows\i2c_i.dll
[2011/11/18 12:51:53 | 000,068,608 | ---- | C] (ASMedia Technology) -- C:\Windows\nVGA_i2c.dll
[2011/11/18 11:51:01 | 000,023,680 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2011/11/18 11:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011/11/18 11:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011/11/18 11:30:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
[2011/11/18 11:30:18 | 000,016,384 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys
[2011/11/11 14:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/10 19:49:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/10 19:16:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
[2011/11/04 21:13:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/02 00:29:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\ESN Sonar
[2011/10/28 19:03:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\PunkBuster
[2011/10/28 19:03:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Battlefield 3
[2011/10/28 19:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/10/26 00:51:38 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2011/10/25 19:50:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Origin
[2011/10/25 19:49:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Origin
[2011/10/25 19:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/10/25 19:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/10/25 19:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/10/25 19:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/10/25 19:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/10/25 19:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2011/10/16 08:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Backup
[2011/10/16 08:57:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegInOut
[2011/10/16 08:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegInOut
[2011/10/16 08:51:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\.swt
[2011/10/16 08:49:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Conduit
[2011/10/16 08:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2011/10/16 08:43:17 | 000,000,000 | ---D | C] -- C:\Windows\RegInOut System Utilities
[2011/10/12 14:51:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 14:51:57 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 14:51:57 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 14:51:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 14:51:48 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/12 14:51:47 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/02 22:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snood 4
[2011/10/02 22:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snood 4
[2011/10/02 15:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
lilhurricane

lilhurricane

Numquam oblita

[color=#E56717]========== Files - Modified Within 360 Days ==========[/color]

[2012/09/26 06:33:19 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/26 06:33:19 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/26 06:30:15 | 000,194,466 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/26 06:30:15 | 000,151,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/26 06:30:15 | 000,049,634 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/26 06:26:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/26 06:25:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/26 06:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/26 06:25:34 | 2039,832,575 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/26 06:22:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-943956546-1219100726-2847664145-1002UA.job
[2012/09/26 06:22:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/25 22:06:59 | 000,444,411 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/25 21:34:24 | 000,881,724 | ---- | M] () -- C:\Users\Steve\Desktop\SecurityCheck.exe
[2012/09/25 21:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/09/25 21:32:19 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/25 21:31:33 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe
[2012/09/25 21:12:45 | 000,001,288 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/25 21:06:09 | 000,002,277 | ---- | M] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2012/09/25 17:42:10 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-943956546-1219100726-2847664145-1002Core.job
[2012/09/25 01:43:02 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/09/25 01:42:56 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/09/25 01:42:56 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/09/25 01:42:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/09/23 09:40:17 | 000,001,059 | ---- | M] () -- C:\Users\Steve\Desktop\The Ur-Quan Masters.lnk
[2012/09/15 12:58:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/15 12:58:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/15 12:58:35 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/06 22:33:54 | 000,001,514 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3 Demo.lnk
[2012/09/03 15:54:53 | 000,000,015 | ---- | M] () -- C:\Users\Steve\AppData\Local\X-Plane_drm.prf
[2012/08/30 10:16:33 | 000,000,080 | ---- | M] () -- C:\Users\Steve\AppData\Local\X-Plane Installer.prf
[2012/08/29 23:56:05 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/08/29 23:56:04 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/08/29 23:56:04 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/08/29 23:56:04 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/08/29 16:05:46 | 000,001,752 | ---- | M] () -- C:\Users\Steve\Desktop\Flight.exe - Shortcut.lnk
[2012/08/29 04:00:59 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/29 02:37:21 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/08/29 02:37:21 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/08/24 06:31:32 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/24 06:20:11 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/24 06:18:46 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/24 06:14:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/24 06:14:34 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/24 06:13:29 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/24 06:11:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/24 06:10:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/24 06:04:06 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/24 02:51:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/24 02:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/24 02:47:36 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/24 02:47:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/24 02:44:10 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/24 02:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/22 14:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 14:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/15 03:21:54 | 000,275,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/08 04:13:06 | 000,001,903 | ---- | M] () -- C:\Users\Steve\Desktop\MechWarrior Online.lnk
[2012/08/02 13:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/07/30 22:25:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/30 11:56:32 | 003,360,624 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/07/30 11:06:09 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012/07/30 10:39:09 | 000,000,220 | ---- | M] () -- C:\Users\Steve\Desktop\Sid Meier's Civilization V.url
[2012/07/30 10:38:29 | 000,000,221 | ---- | M] () -- C:\Users\Steve\Desktop\America's Army 3.url
[2012/07/30 10:33:39 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/04 18:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/07/04 18:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/07/04 17:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/07/04 16:26:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/06/25 20:04:19 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/06 02:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/06/06 01:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 01:44:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/05/17 05:26:03 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/15 06:48:00 | 025,743,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/05/15 06:48:00 | 025,248,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/05/15 06:48:00 | 019,607,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/05/15 06:48:00 | 018,044,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/05/15 06:48:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/05/15 06:48:00 | 015,322,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/05/15 06:48:00 | 010,194,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/05/15 06:48:00 | 008,139,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/05/15 06:48:00 | 008,105,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/05/15 06:48:00 | 005,982,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/05/15 06:48:00 | 002,881,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/05/15 06:48:00 | 002,741,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/05/15 06:48:00 | 002,681,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/05/15 06:48:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/05/15 06:48:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/05/15 06:48:00 | 002,368,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/05/15 06:48:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/05/15 06:48:00 | 001,468,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/05/15 06:48:00 | 000,949,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/05/15 06:48:00 | 000,818,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/05/15 06:48:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/05/15 06:48:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/05/15 06:48:00 | 000,246,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/05/15 06:48:00 | 000,202,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/05/15 06:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/15 06:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/15 06:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/05/15 05:29:46 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/05/15 05:29:46 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/05/15 05:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/05/15 05:29:25 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/05/15 05:28:42 | 006,151,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/14 01:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/05/09 23:15:17 | 000,007,605 | ---- | M] () -- C:\Users\Steve\AppData\Local\resmon.resmoncfg
[2012/05/05 04:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/05/04 07:06:22 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/04 06:03:53 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/04 06:03:50 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/26 01:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/26 01:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/26 01:34:27 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/24 01:37:37 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/04/24 01:37:36 | 001,462,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/04/07 08:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/04/01 10:06:44 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/17 11:57:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/17 11:57:54 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/17 11:57:54 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/17 11:57:54 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/07 23:09:39 | 000,261,582 | ---- | M] () -- C:\Users\Steve\Documents\cuteFM_Pet-Care-Contract2.pdf
[2012/03/07 22:54:58 | 000,001,504 | ---- | M] () -- C:\Users\Steve\.recently-used.xbel
[2012/03/07 22:35:16 | 000,261,189 | ---- | M] () -- C:\Users\Steve\Documents\cuteFM_Pet-Care-Contract.pdf
[2012/03/07 22:21:58 | 001,428,745 | ---- | M] () -- C:\Users\Steve\Documents\FM_Pet-Care-Contract.pdf
[2012/03/03 02:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/03/01 02:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/03/01 02:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/02/29 04:04:32 | 000,188,364 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/17 02:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/17 01:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/15 11:01:50 | 004,547,944 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2012/02/11 02:43:47 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/02/11 02:36:01 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/02/11 01:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/01/17 08:46:01 | 000,031,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/01/17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/01/17 08:45:55 | 001,451,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/01/04 06:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2011/12/30 02:26:08 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2011/12/30 01:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2011/12/27 11:39:01 | 492,519,764 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/16 04:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2011/12/06 19:22:44 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/19 10:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2011/11/19 10:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011/11/18 11:30:18 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys
[2011/11/17 02:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/11/17 02:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/11/17 02:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011/11/17 02:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2011/11/17 02:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2011/11/17 02:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2011/11/17 01:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/11/11 20:55:10 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/10/26 01:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2011/10/26 01:25:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011/10/26 01:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/10/26 00:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2011/10/26 00:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2011/10/20 18:50:00 | 003,074,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/10/16 09:18:12 | 000,000,240 | ---- | M] () -- C:\Users\Steve\Desktop\Age of Conan.lnk
[2011/10/16 08:50:36 | 000,001,854 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/10/15 02:31:56 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/10/15 01:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/10/02 22:11:28 | 000,000,043 | ---- | M] () -- C:\END
[2011/10/02 20:12:09 | 000,000,336 | ---- | M] () -- C:\Windows\game.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/09/25 21:34:24 | 000,881,724 | ---- | C] () -- C:\Users\Steve\Desktop\SecurityCheck.exe
[2012/09/25 21:12:45 | 000,001,288 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/23 09:40:17 | 000,001,059 | ---- | C] () -- C:\Users\Steve\Desktop\The Ur-Quan Masters.lnk
[2012/09/21 21:00:15 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/06 22:33:54 | 000,001,514 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3 Demo.lnk
[2012/08/30 10:17:00 | 000,000,015 | ---- | C] () -- C:\Users\Steve\AppData\Local\X-Plane_drm.prf
[2012/08/30 10:16:33 | 000,000,080 | ---- | C] () -- C:\Users\Steve\AppData\Local\X-Plane Installer.prf
[2012/08/29 16:05:46 | 000,001,752 | ---- | C] () -- C:\Users\Steve\Desktop\Flight.exe - Shortcut.lnk
[2012/08/29 03:24:25 | 000,001,344 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/08/29 02:37:21 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/08/29 02:37:21 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/08/08 04:13:06 | 000,001,903 | ---- | C] () -- C:\Users\Steve\Desktop\MechWarrior Online.lnk
[2012/07/30 10:39:09 | 000,000,220 | ---- | C] () -- C:\Users\Steve\Desktop\Sid Meier's Civilization V.url
[2012/07/30 10:38:29 | 000,000,221 | ---- | C] () -- C:\Users\Steve\Desktop\America's Army 3.url
[2012/07/30 10:33:39 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/09 17:36:57 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/06/25 20:04:19 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/17 05:25:50 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/30 22:47:13 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012/04/30 22:47:13 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012/04/01 10:06:54 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 18:34:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/07 23:09:50 | 000,261,582 | ---- | C] () -- C:\Users\Steve\Documents\cuteFM_Pet-Care-Contract2.pdf
[2012/03/07 22:54:58 | 000,001,504 | ---- | C] () -- C:\Users\Steve\.recently-used.xbel
[2012/03/07 22:35:33 | 000,261,189 | ---- | C] () -- C:\Users\Steve\Documents\cuteFM_Pet-Care-Contract.pdf
[2012/03/07 22:22:06 | 001,428,745 | ---- | C] () -- C:\Users\Steve\Documents\FM_Pet-Care-Contract.pdf
[2012/01/15 10:29:54 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/11/21 09:10:06 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/18 12:51:54 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/11/18 12:51:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011/11/18 12:51:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011/11/18 12:51:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011/11/18 12:51:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011/11/18 12:51:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011/11/18 12:51:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011/11/18 12:51:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011/11/18 12:51:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011/11/18 12:51:54 | 000,010,766 | ---- | C] () -- C:\Windows\SysNative\asusgsb.cat
[2011/11/18 12:51:54 | 000,010,733 | ---- | C] () -- C:\Windows\SysNative\ATKDispLowFilter.cat
[2011/11/18 12:51:54 | 000,002,109 | ---- | C] () -- C:\Windows\SysNative\asusgsb.inf
[2011/11/18 12:51:54 | 000,001,849 | ---- | C] () -- C:\Windows\SysNative\ATKDispLowFilter.inf
[2011/11/18 12:51:53 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/18 12:51:53 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/11/18 12:51:53 | 000,002,963 | ---- | C] () -- C:\Windows\SysWow64\xvid.inf
[2011/11/18 11:28:49 | 000,013,416 | ---- | C] () -- C:\Windows\SysNative\drivers\nvflash.sys
[2011/10/29 11:35:23 | 000,007,605 | ---- | C] () -- C:\Users\Steve\AppData\Local\resmon.resmoncfg
[2011/10/28 19:03:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/10/26 06:22:05 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/10/25 19:47:10 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/10/25 19:20:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/16 09:18:12 | 000,000,240 | ---- | C] () -- C:\Users\Steve\Desktop\Age of Conan.lnk
[2011/10/16 09:08:11 | 000,002,277 | ---- | C] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/10/16 08:50:36 | 000,001,854 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/10/02 22:10:15 | 000,000,043 | ---- | C] () -- C:\END
[2011/10/02 20:12:09 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/04 18:46:54 | 000,000,131 | ---- | C] () -- C:\Users\Steve\DeletePrintJobs.cmd
[2011/08/26 18:22:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/08/21 20:30:13 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe
[2011/08/21 19:03:12 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/21 19:03:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/12 16:38:20 | 000,188,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/05 23:02:07 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/05/05 23:02:07 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/05/05 23:02:07 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/05/05 23:02:07 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/05/05 23:02:06 | 006,060,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/05 23:02:06 | 004,069,888 | ---- | C] () -- C:\Windows\SysWow64\ig4dev32.dll
[2011/05/05 23:02:06 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/05/05 22:15:46 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/05/05 22:15:46 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/05/05 20:19:25 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012/09/22 16:19:57 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\@
[2012/09/22 16:46:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\L
[2012/09/26 06:24:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\U
[2012/09/25 22:48:46 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\L\00000004.@
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/09/25 22:48:46 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012/09/25 22:48:45 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-943956546-1219100726-2847664145-1002\$897557db40356dc477bcd07a7131fdbe\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$897557db40356dc477bcd07a7131fdbe\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012/02/27 23:52:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\.minecraft
[2012/04/05 20:11:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Azureus
[2012/09/23 17:35:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dynamite Jack
[2011/09/19 22:29:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EleFun Games
[2011/09/18 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Enki Games
[2012/08/30 00:20:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\flightgear.org
[2012/08/29 23:58:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\fltk.org
[2012/03/07 22:54:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2011/08/30 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\LolClient
[2011/07/24 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mumble
[2011/09/19 22:52:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\NevoSoft
[2011/09/18 10:59:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Oberon Media
[2012/07/19 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Origin
[2012/04/30 23:06:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Phantasmat_bf_se1
[2011/10/04 20:11:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Raptr
[2012/03/31 22:42:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\RIFT
[2012/05/21 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SoftGrid Client
[2012/08/30 00:16:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Subversion
[2011/08/04 20:56:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TP
[2012/09/23 13:06:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uqm
[2011/05/12 14:26:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\wargaming.net

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:F06079A3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:06C34166
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0BBF232A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ADE91125
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F21CB906
lilhurricane

lilhurricane

Numquam oblita

extras

OTL Extras logfile created on: 9/26/2012 6:29:20 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 6.09 Gb Available Physical Memory | 77.39% Memory free
15.73 Gb Paging File | 13.76 Gb Available in Paging File | 87.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.84 Gb Total Space | 466.08 Gb Free Space | 50.78% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.50 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
Drive E: | 139.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-219G9RR | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A2AA1000-7C41-4BBB-A4DE-C728BC104106}" = IPSetup
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A760067A-C07E-1033-0000-A764AC000003}" = Avery Template - U_0088_01_P
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CA328CDF-A284-445E-AAE7-B24A11E97201}" = MechWarrior Online
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATC_is1" = Advanced Tactical Center™ 1.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFGC" = Big Fish Games: Game Manager
"Compare It!_is1" = Compare It!
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"GFWL_{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"HijackThis" = HijackThis 1.99.1
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"RealPlayer 15.0" = RealPlayer
"RegInOut System Utilities 3.0.0.2" = RegInOut System Utilities 3.0.0.2
"RER Video Converter_is1" = RER Video Converter
"Snood 4_is1" = Snood 4
"Steam App 13140" = America's Army 3
"Steam App 202610" = Risen 2 Demo
"Steam App 208030" = Moon Breakers
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
"The Ur-Quan Masters" = The Ur-Quan Masters 0.7.0
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"xvid" = XviD MPEG-4 Video Codec
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-943956546-1219100726-2847664145-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4f004f4a-1930-4b55-83e6-61660211787f}" = MechWarrior Online
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 9/25/2012 11:53:28 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12417

Error - 9/25/2012 11:53:29 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/25/2012 11:53:29 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13416

Error - 9/25/2012 11:53:29 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13416

Error - 9/25/2012 11:53:30 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/25/2012 11:53:30 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14414

Error - 9/25/2012 11:53:30 PM | Computer Name = MININT-219G9RR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14414

Error - 9/26/2012 6:27:30 AM | Computer Name = MININT-219G9RR | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 9/26/2012 6:28:01 AM | Computer Name = MININT-219G9RR | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 9/26/2012 6:36:09 AM | Computer Name = MININT-219G9RR | Source = CVHSVC | ID = 100
Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

[ System Events ]
Error - 9/26/2012 6:22:07 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 9/26/2012 6:22:07 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 9/26/2012 6:25:52 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 9/26/2012 6:25:54 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 9/26/2012 6:25:55 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 9/26/2012 6:26:00 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 9/26/2012 6:26:00 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7003
Description = The SBSD Security Center Service service depends the following service:
wscsvc. This service might not be installed.

Error - 9/26/2012 6:26:37 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 9/26/2012 6:26:37 AM | Computer Name = MININT-219G9RR | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 9/26/2012 6:27:26 AM | Computer Name = MININT-219G9RR | Source = DCOM | ID = 10016
Description =
Majawba
join:2012-09-26
Brockton, MA

Majawba

Member

Re: [Virus] My browsers were Hijacked

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 [color=red](UAC is disabled!)[/color]
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
MVPS Hosts File
[color=red]Out of date HijackThis installed![/color]
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 1.99.1
Java(TM) 6 Update 31
[color=red]Java version out of Date![/color]
Adobe Flash Player 10 [color=red]Flash Player out of Date![/color]
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 [color=red]Firefox out of Date![/color]
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 1%
[u]````````````````````End of Log``````````````````````[/u]

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

sec chk

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 [color=red](UAC is disabled!)[/color]
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
MVPS Hosts File
[color=red]Out of date HijackThis installed![/color]
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 1.99.1
Java(TM) 6 Update 31
[color=red]Java version out of Date![/color]
Adobe Flash Player 10 [color=red]Flash Player out of Date![/color]
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 [color=red]Firefox out of Date![/color]
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 1%
[u]````````````````````End of Log``````````````````````[/u]
Majawba
join:2012-09-26
Brockton, MA

Majawba

Member

Re: [Virus] My browsers were Hijacked

C:\Program Files (x86)\RegInOut\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application cleaned by deleting - quarantined
C:\Program Files (x86)\RegInOut\RegInOut.exe a variant of Win32/Adware.PCFresher.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\Users\Steve\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Steve\Downloads\RegInOut_Setup_CNET.exe multiple threats cleaned by deleting - quarantined

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

eset

You're missing the entire ESET log (with headers)

Can you repost please?

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

---or for 64bit Windows: C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to your topic, along with a description of any remaining problems
lilhurricane

lilhurricane

Numquam oblita

.... if you could also download and run TDSS Killer (#4), posting the log in your next reply

We'll need the entire log, even if you 'think/see' nothing detected.

»Security Cleanup FAQ »Rootkit Detection Applications
Majawba
join:2012-09-26
Brockton, MA

Majawba

Member

That log does not exist for eset. I could run it again, but of course it will come up clean now.

I am off to run TDSS now

P.S.
Crunchin' for Cures as in Cancer?

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

said by Majawba:

That log does not exist for eset. I could run it again, but of course it will come up clean now.

I am off to run TDSS now

P.S.
Crunchin' for Cures as in Cancer?

The logs should still remain in the folder..no need to re-run

..and yes, crunchin' for cancer cures.

»Team Discovery
Majawba
join:2012-09-26
Brockton, MA

Majawba

Member

TDSS.txt
66,387 bytes
The TDSS report was too long so I will attach it.

My wife has stage 4 metastatic breast cancer. It is throughout her whole skeletal system. It is still progressing, though the treatments appear to be beginning to work.

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

Thanks for adding..and keep the faith..

Advancements are being made all the time. That's why Team Discovery does what it does...we want to win the battle

..we will one day too..I really believe that. If you have any questions, feel free to contact me by PM..or post to our TD forum..loads of folks there ready to assist

18:20:22.0031 3416 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:20:22.0273 3416 ============================================================
18:20:22.0273 3416 Current date / time: 2012/09/26 18:20:22.0273
18:20:22.0273 3416 SystemInfo:
18:20:22.0273 3416
18:20:22.0273 3416 OS Version: 6.1.7601 ServicePack: 1.0
18:20:22.0273 3416 Product type: Workstation
18:20:22.0273 3416 ComputerName: MININT-219G9RR
18:20:22.0274 3416 UserName: Steve
18:20:22.0274 3416 Windows directory: C:\Windows
18:20:22.0274 3416 System windows directory: C:\Windows
18:20:22.0274 3416 Running under WOW64
18:20:22.0274 3416 Processor architecture: Intel x64
18:20:22.0274 3416 Number of processors: 4
18:20:22.0274 3416 Page size: 0x1000
18:20:22.0274 3416 Boot type: Normal boot
18:20:22.0274 3416 ============================================================
18:20:23.0156 3416 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:20:23.0170 3416 ============================================================
18:20:23.0170 3416 \Device\Harddisk0\DR0:
18:20:23.0170 3416 MBR partitions:
18:20:23.0170 3416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x72BAD800
18:20:23.0170 3416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72BAE000, BlocksNum 0x1B58000
18:20:23.0170 3416 ============================================================
18:20:23.0189 3416 C: \Device\Harddisk0\DR0\Partition1
18:20:23.0229 3416 D: \Device\Harddisk0\DR0\Partition2
18:20:23.0229 3416 ============================================================
18:20:23.0229 3416 Initialize success
18:20:23.0229 3416 ============================================================
18:20:52.0866 4272 ============================================================
18:20:52.0866 4272 Scan started
18:20:52.0866 4272 Mode: Manual;
18:20:52.0866 4272 ============================================================
18:20:53.0286 4272 ================ Scan system memory ========================
18:20:53.0286 4272 System memory - ok
18:20:53.0286 4272 ================ Scan services =============================
18:20:53.0337 4272 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:20:53.0338 4272 !SASCORE - ok
18:20:53.0450 4272 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:20:53.0460 4272 1394ohci - ok
18:20:53.0479 4272 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:20:53.0480 4272 ACPI - ok
18:20:53.0491 4272 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:20:53.0502 4272 AcpiPmi - ok
18:20:53.0589 4272 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:20:53.0590 4272 AdobeARMservice - ok
18:20:53.0646 4272 [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:20:53.0647 4272 AdobeFlashPlayerUpdateSvc - ok
18:20:53.0675 4272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:20:53.0688 4272 adp94xx - ok
18:20:53.0700 4272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:20:53.0710 4272 adpahci - ok
18:20:53.0726 4272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:20:53.0735 4272 adpu320 - ok
18:20:53.0754 4272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:20:53.0760 4272 AeLookupSvc - ok
18:20:53.0810 4272 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:20:53.0824 4272 AFD - ok
18:20:53.0840 4272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:20:53.0847 4272 agp440 - ok
18:20:53.0858 4272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:20:53.0873 4272 ALG - ok
18:20:53.0884 4272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:20:53.0895 4272 aliide - ok
18:20:53.0918 4272 [ B3E801135E0C81733542C14D9AA8120A ] Alpham1 C:\Windows\system32\DRIVERS\Alpham164.sys
18:20:53.0925 4272 Alpham1 - ok
18:20:53.0948 4272 [ 6493983FEDBC49D9112703ECE9B251FE ] Alpham2 C:\Windows\system32\DRIVERS\Alpham264.sys
18:20:53.0955 4272 Alpham2 - ok
18:20:53.0968 4272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:20:53.0978 4272 amdide - ok
18:20:53.0989 4272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:20:53.0997 4272 AmdK8 - ok
18:20:54.0009 4272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:20:54.0020 4272 AmdPPM - ok
18:20:54.0043 4272 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:20:54.0050 4272 amdsata - ok
18:20:54.0078 4272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:20:54.0088 4272 amdsbs - ok
18:20:54.0105 4272 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:20:54.0105 4272 amdxata - ok
18:20:54.0158 4272 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
18:20:54.0160 4272 AppHostSvc - ok
18:20:54.0191 4272 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:20:54.0197 4272 AppID - ok
18:20:54.0210 4272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:20:54.0222 4272 AppIDSvc - ok
18:20:54.0244 4272 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:20:54.0246 4272 Appinfo - ok
18:20:54.0301 4272 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:54.0302 4272 Apple Mobile Device - ok
18:20:54.0314 4272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:20:54.0323 4272 arc - ok
18:20:54.0334 4272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:20:54.0342 4272 arcsas - ok
18:20:54.0363 4272 [ 4B720CC508B4FB999A7BF0E6D84F73E1 ] ASDR C:\Windows\SysWOW64\ASDR.exe
18:20:54.0363 4272 ASDR - ok
18:20:54.0435 4272 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:20:54.0435 4272 aspnet_state - ok
18:20:54.0468 4272 [ A4398A8914C32F18EC2AB562CBA3CAAF ] asusgsb C:\Windows\system32\drivers\asusgsb.sys
18:20:54.0475 4272 asusgsb - ok
18:20:54.0491 4272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:20:54.0498 4272 AsyncMac - ok
18:20:54.0513 4272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:20:54.0513 4272 atapi - ok
18:20:54.0532 4272 [ FB4187C282CB467E5E606913A1FA79A3 ] atkdisplf C:\Windows\system32\drivers\ATKDispLowFilter.sys
18:20:54.0539 4272 atkdisplf - ok
18:20:54.0561 4272 [ 86D873FD396FA6708A99A1BDF104D120 ] ATKFUSService C:\Windows\system32\ATKFUSService.exe
18:20:54.0569 4272 ATKFUSService - ok
18:20:54.0597 4272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:20:54.0603 4272 AudioEndpointBuilder - ok
18:20:54.0611 4272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:20:54.0613 4272 AudioSrv - ok
18:20:54.0655 4272 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:20:54.0663 4272 AxInstSV - ok
18:20:54.0681 4272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:20:54.0694 4272 b06bdrv - ok
18:20:54.0718 4272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:20:54.0728 4272 b57nd60a - ok
18:20:54.0767 4272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:20:54.0776 4272 BDESVC - ok
18:20:54.0788 4272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:20:54.0796 4272 Beep - ok
18:20:54.0805 4272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:20:54.0812 4272 blbdrive - ok
18:20:54.0844 4272 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:20:54.0846 4272 Bonjour Service - ok
18:20:54.0879 4272 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:20:54.0880 4272 bowser - ok
18:20:54.0891 4272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:20:54.0898 4272 BrFiltLo - ok
18:20:54.0907 4272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:20:54.0915 4272 BrFiltUp - ok
18:20:54.0930 4272 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:20:54.0932 4272 Browser - ok
18:20:54.0953 4272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:20:54.0964 4272 Brserid - ok
18:20:54.0981 4272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:20:54.0989 4272 BrSerWdm - ok
18:20:54.0992 4272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:20:54.0998 4272 BrUsbMdm - ok
18:20:55.0010 4272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:20:55.0017 4272 BrUsbSer - ok
18:20:55.0029 4272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:20:55.0037 4272 BTHMODEM - ok
18:20:55.0050 4272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:20:55.0063 4272 bthserv - ok
18:20:55.0073 4272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:20:55.0073 4272 cdfs - ok
18:20:55.0095 4272 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:20:55.0106 4272 cdrom - ok
18:20:55.0138 4272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:20:55.0140 4272 CertPropSvc - ok
18:20:55.0150 4272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:20:55.0158 4272 circlass - ok
18:20:55.0176 4272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:20:55.0180 4272 CLFS - ok
18:20:55.0228 4272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:55.0229 4272 clr_optimization_v2.0.50727_32 - ok
18:20:55.0277 4272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:20:55.0278 4272 clr_optimization_v2.0.50727_64 - ok
18:20:55.0338 4272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:55.0340 4272 clr_optimization_v4.0.30319_32 - ok
18:20:55.0348 4272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:20:55.0349 4272 clr_optimization_v4.0.30319_64 - ok
18:20:55.0368 4272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:20:55.0375 4272 CmBatt - ok
18:20:55.0384 4272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:20:55.0394 4272 cmdide - ok
18:20:55.0423 4272 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:20:55.0425 4272 CNG - ok
18:20:55.0440 4272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:20:55.0447 4272 Compbatt - ok
18:20:55.0465 4272 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:20:55.0474 4272 CompositeBus - ok
18:20:55.0477 4272 COMSysApp - ok
18:20:55.0525 4272 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
18:20:55.0532 4272 cpuz135 - ok
18:20:55.0543 4272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:20:55.0550 4272 crcdisk - ok
18:20:55.0578 4272 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:20:55.0580 4272 CryptSvc - ok
18:20:55.0658 4272 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:20:55.0662 4272 cvhsvc - ok
18:20:55.0691 4272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:20:55.0696 4272 DcomLaunch - ok
18:20:55.0718 4272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:20:55.0719 4272 defragsvc - ok
18:20:55.0743 4272 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:20:55.0744 4272 DfsC - ok
18:20:55.0777 4272 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:20:55.0780 4272 Dhcp - ok
18:20:55.0792 4272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:20:55.0799 4272 discache - ok
18:20:55.0831 4272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:20:55.0831 4272 Disk - ok
18:20:55.0858 4272 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:20:55.0860 4272 Dnscache - ok
18:20:55.0881 4272 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:20:55.0933 4272 dot3svc - ok
18:20:55.0966 4272 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:20:55.0969 4272 DPS - ok
18:20:56.0003 4272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:20:56.0010 4272 drmkaud - ok
18:20:56.0024 4272 dump_wmimmc - ok
18:20:56.0048 4272 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:20:56.0067 4272 DXGKrnl - ok
18:20:56.0090 4272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:20:56.0092 4272 EapHost - ok
18:20:56.0142 4272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:20:56.0207 4272 ebdrv - ok
18:20:56.0228 4272 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:20:56.0232 4272 EFS - ok
18:20:56.0275 4272 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:20:56.0278 4272 ehRecvr - ok
18:20:56.0299 4272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:20:56.0300 4272 ehSched - ok
18:20:56.0320 4272 [ 343ADA10D948DB29251F2D9C809AF204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
18:20:56.0327 4272 EIO64 - ok
18:20:56.0343 4272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:20:56.0356 4272 elxstor - ok
18:20:56.0383 4272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:20:56.0391 4272 ErrDev - ok
18:20:56.0417 4272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:20:56.0421 4272 EventSystem - ok
18:20:56.0442 4272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:20:56.0452 4272 exfat - ok
18:20:56.0464 4272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:20:56.0473 4272 fastfat - ok
18:20:56.0493 4272 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:20:56.0499 4272 Fax - ok
18:20:56.0509 4272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:20:56.0515 4272 fdc - ok
18:20:56.0526 4272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:20:56.0527 4272 fdPHost - ok
18:20:56.0537 4272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:20:56.0539 4272 FDResPub - ok
18:20:56.0549 4272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:20:56.0549 4272 FileInfo - ok
18:20:56.0554 4272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:20:56.0561 4272 Filetrace - ok
18:20:56.0571 4272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:20:56.0578 4272 flpydisk - ok
18:20:56.0599 4272 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:20:56.0600 4272 FltMgr - ok
18:20:56.0635 4272 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:20:56.0652 4272 FontCache - ok
18:20:56.0701 4272 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:20:56.0702 4272 FontCache3.0.0.0 - ok
18:20:56.0715 4272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:20:56.0723 4272 FsDepends - ok
18:20:56.0750 4272 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:20:56.0758 4272 Fs_Rec - ok
18:20:56.0767 4272 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:20:56.0768 4272 fvevol - ok
18:20:56.0785 4272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:20:56.0792 4272 gagp30kx - ok
18:20:56.0808 4272 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:20:56.0815 4272 GEARAspiWDM - ok
18:20:56.0847 4272 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:20:56.0854 4272 gpsvc - ok
18:20:56.0922 4272 GPU-Z - ok
18:20:56.0981 4272 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:20:56.0982 4272 gupdate - ok
18:20:56.0996 4272 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:20:56.0997 4272 gupdatem - ok
18:20:57.0005 4272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:20:57.0013 4272 hcw85cir - ok
18:20:57.0044 4272 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:20:57.0055 4272 HdAudAddService - ok
18:20:57.0077 4272 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:20:57.0088 4272 HDAudBus - ok
18:20:57.0112 4272 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:20:57.0120 4272 HECIx64 - ok
18:20:57.0135 4272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:20:57.0142 4272 HidBatt - ok
18:20:57.0151 4272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:20:57.0159 4272 HidBth - ok
18:20:57.0165 4272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:20:57.0172 4272 HidIr - ok
18:20:57.0192 4272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:20:57.0194 4272 hidserv - ok
18:20:57.0215 4272 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:20:57.0221 4272 HidUsb - ok
18:20:57.0328 4272 [ 5350AEF38CA2D8885F47D4455E7EF4EE ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
18:20:57.0328 4272 HiPatchService - ok
18:20:57.0349 4272 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:20:57.0352 4272 hkmsvc - ok
18:20:57.0375 4272 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:20:57.0378 4272 HomeGroupListener - ok
18:20:57.0403 4272 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:20:57.0406 4272 HomeGroupProvider - ok
18:20:57.0435 4272 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:20:57.0442 4272 HpSAMD - ok
18:20:57.0465 4272 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:20:57.0483 4272 HTTP - ok
18:20:57.0502 4272 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:20:57.0502 4272 hwpolicy - ok
18:20:57.0521 4272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:20:57.0529 4272 i8042prt - ok
18:20:57.0569 4272 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:20:57.0581 4272 iaStorV - ok
18:20:57.0625 4272 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:20:57.0625 4272 IDriverT - ok
18:20:57.0666 4272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:20:57.0669 4272 idsvc - ok
18:20:57.0795 4272 [ 31D1AFF484D8A0906CF8D44251EC390F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:20:57.0931 4272 igfx - ok
18:20:57.0956 4272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:20:57.0963 4272 iirsp - ok
18:20:58.0001 4272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:20:58.0009 4272 IKEEXT - ok
18:20:58.0036 4272 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:20:58.0045 4272 Impcd - ok
18:20:58.0108 4272 [ 26407A11D7E222AFB7CE32700ABBD9D1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:20:58.0166 4272 IntcAzAudAddService - ok
18:20:58.0190 4272 [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:20:58.0200 4272 IntcDAud - ok
18:20:58.0215 4272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:20:58.0225 4272 intelide - ok
18:20:58.0246 4272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:20:58.0255 4272 intelppm - ok
18:20:58.0273 4272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:20:58.0307 4272 IPBusEnum - ok
18:20:58.0362 4272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:20:58.0402 4272 IpFilterDriver - ok
18:20:58.0443 4272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:20:58.0475 4272 IPMIDRV - ok
18:20:58.0493 4272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:20:58.0501 4272 IPNAT - ok
18:20:58.0528 4272 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:20:58.0532 4272 iPod Service - ok
18:20:58.0558 4272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM
lilhurricane

lilhurricane

Numquam oblita

C:\Windows\system32\drivers\irenum.sys
18:20:58.0565 4272 IRENUM - ok
18:20:58.0576 4272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:20:58.0583 4272 isapnp - ok
18:20:58.0601 4272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

18:20:58.0611 4272 iScsiPrt - ok
18:20:58.0635 4272 [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
18:20:58.0646 4272 k57nd60a - ok
18:20:58.0663 4272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:20:58.0671 4272 kbdclass - ok
18:20:58.0680 4272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:20:58.0688 4272 kbdhid - ok
18:20:58.0700 4272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:20:58.0701 4272 KeyIso - ok
18:20:58.0720 4272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:20:58.0721 4272 KSecDD - ok
18:20:58.0747 4272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:20:58.0747 4272 KSecPkg - ok
18:20:58.0759 4272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:20:58.0766 4272 ksthunk - ok
18:20:58.0796 4272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:20:58.0809 4272 KtmRm - ok
18:20:58.0829 4272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:20:58.0832 4272 LanmanServer - ok
18:20:58.0851 4272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:20:58.0853 4272 LanmanWorkstation - ok
18:20:58.0883 4272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:20:58.0890 4272 lltdio - ok
18:20:58.0909 4272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:20:58.0928 4272 lltdsvc - ok
18:20:58.0940 4272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:20:58.0942 4272 lmhosts - ok
18:20:58.0967 4272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:20:58.0975 4272 LSI_FC - ok
18:20:58.0988 4272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:20:58.0995 4272 LSI_SAS - ok
18:20:59.0006 4272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:20:59.0013 4272 LSI_SAS2 - ok
18:20:59.0028 4272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:20:59.0036 4272 LSI_SCSI - ok
18:20:59.0052 4272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:20:59.0053 4272 luafv - ok
18:20:59.0072 4272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:20:59.0091 4272 Mcx2Svc - ok
18:20:59.0102 4272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:20:59.0110 4272 megasas - ok
18:20:59.0128 4272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:20:59.0139 4272 MegaSR - ok
18:20:59.0155 4272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:20:59.0157 4272 MMCSS - ok
18:20:59.0167 4272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:20:59.0174 4272 Modem - ok
18:20:59.0196 4272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:20:59.0203 4272 monitor - ok
18:20:59.0212 4272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:20:59.0219 4272 mouclass - ok
18:20:59.0240 4272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:20:59.0247 4272 mouhid - ok
18:20:59.0269 4272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:20:59.0270 4272 mountmgr - ok
18:20:59.0337 4272 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:20:59.0337 4272 MozillaMaintenance - ok
18:20:59.0357 4272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:20:59.0368 4272 mpio - ok
18:20:59.0383 4272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:20:59.0391 4272 mpsdrv - ok
18:20:59.0412 4272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:20:59.0420 4272 MRxDAV - ok
18:20:59.0443 4272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:20:59.0445 4272 mrxsmb - ok
18:20:59.0470 4272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:20:59.0473 4272 mrxsmb10 - ok
18:20:59.0485 4272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:20:59.0487 4272 mrxsmb20 - ok
18:20:59.0499 4272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:20:59.0506 4272 msahci - ok
18:20:59.0520 4272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:20:59.0528 4272 msdsm - ok
18:20:59.0540 4272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:20:59.0553 4272 MSDTC - ok
18:20:59.0577 4272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:20:59.0577 4272 Msfs - ok
18:20:59.0593 4272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:20:59.0604 4272 mshidkmdf - ok
18:20:59.0641 4272 [ 0BBE794E0C54621CFA8ED9B5850BAAAE ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
18:20:59.0648 4272 MSHUSBVideo - ok
18:20:59.0666 4272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:20:59.0666 4272 msisadrv - ok
18:20:59.0679 4272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:20:59.0708 4272 MSiSCSI - ok
18:20:59.0710 4272 msiserver - ok
18:20:59.0732 4272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:20:59.0738 4272 MSKSSRV - ok
18:20:59.0749 4272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:20:59.0755 4272 MSPCLOCK - ok
18:20:59.0764 4272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:20:59.0771 4272 MSPQM - ok
18:20:59.0795 4272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:20:59.0796 4272 MsRPC - ok
18:20:59.0806 4272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:20:59.0813 4272 mssmbios - ok
18:20:59.0826 4272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:20:59.0833 4272 MSTEE - ok
18:20:59.0844 4272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:20:59.0852 4272 MTConfig - ok
18:20:59.0863 4272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:20:59.0864 4272 Mup - ok
18:20:59.0890 4272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:20:59.0895 4272 napagent - ok
18:20:59.0917 4272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:20:59.0928 4272 NativeWifiP - ok
18:20:59.0969 4272 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:20:59.0977 4272 NDIS - ok
18:20:59.0994 4272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:21:00.0002 4272 NdisCap - ok
18:21:00.0025 4272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:21:00.0032 4272 NdisTapi - ok
18:21:00.0059 4272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:21:00.0066 4272 Ndisuio - ok
18:21:00.0080 4272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:21:00.0089 4272 NdisWan - ok
18:21:00.0119 4272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:21:00.0127 4272 NDProxy - ok
18:21:00.0159 4272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:21:00.0160 4272 NetBIOS - ok
18:21:00.0175 4272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:21:00.0185 4272 NetBT - ok
18:21:00.0198 4272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:21:00.0199 4272 Netlogon - ok
18:21:00.0224 4272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:21:00.0229 4272 Netman - ok
18:21:00.0256 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:21:00.0257 4272 NetMsmqActivator - ok
18:21:00.0261 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:21:00.0261 4272 NetPipeActivator - ok
18:21:00.0275 4272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:21:00.0279 4272 netprofm - ok
18:21:00.0283 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:21:00.0285 4272 NetTcpActivator - ok
18:21:00.0293 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:21:00.0294 4272 NetTcpPortSharing - ok
18:21:00.0313 4272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:21:00.0321 4272 nfrd960 - ok
18:21:00.0334 4272 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:21:00.0338 4272 NlaSvc - ok
18:21:00.0346 4272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:21:00.0347 4272 Npfs - ok
18:21:00.0370 4272 npggsvc - ok
18:21:00.0373 4272 NPPTNT2 - ok
18:21:00.0381 4272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:21:00.0382 4272 nsi - ok
18:21:00.0393 4272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:21:00.0400 4272 nsiproxy - ok
18:21:00.0446 4272 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:21:00.0472 4272 Ntfs - ok
18:21:00.0480 4272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:21:00.0490 4272 Null - ok
18:21:00.0515 4272 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
18:21:00.0524 4272 NVHDA - ok
18:21:00.0725 4272 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:21:00.0928 4272 nvlddmkm - ok
18:21:00.0959 4272 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:21:00.0967 4272 nvraid - ok
18:21:00.0992 4272 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:21:01.0001 4272 nvstor - ok
18:21:01.0046 4272 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:21:01.0055 4272 nvsvc - ok
18:21:01.0067 4272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:21:01.0075 4272 nv_agp - ok
18:21:01.0117 4272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:21:01.0124 4272 ohci1394 - ok
18:21:01.0141 4272 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:21:01.0142 4272 ose - ok
18:21:01.0229 4272 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:21:01.0248 4272 osppsvc - ok
18:21:01.0278 4272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:21:01.0281 4272 p2pimsvc - ok
18:21:01.0306 4272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:21:01.0311 4272 p2psvc - ok
18:21:01.0331 4272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:21:01.0338 4272 Parport - ok
18:21:01.0360 4272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:21:01.0361 4272 partmgr - ok
18:21:01.0375 4272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:21:01.0377 4272 PcaSvc - ok
18:21:01.0385 4272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:21:01.0386 4272 pci - ok
18:21:01.0392 4272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:21:01.0393 4272 pciide - ok
18:21:01.0411 4272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:21:01.0422 4272 pcmcia - ok
18:21:01.0439 4272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:21:01.0439 4272 pcw - ok
18:21:01.0458 4272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:21:01.0472 4272 PEAUTH - ok
18:21:01.0529 4272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:21:01.0530 4272 PerfHost - ok
18:21:01.0575 4272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:21:01.0609 4272 pla - ok
18:21:01.0635 4272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:21:01.0640 4272 PlugPlay - ok
18:21:01.0660 4272 [ 34BFC6ED31B4E8BE940C884B8AC7D9DF ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
18:21:01.0667 4272 pmxdrv - ok
18:21:01.0679 4272 PnkBstrA - ok
18:21:01.0682 4272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:21:01.0694 4272 PNRPAutoReg - ok
18:21:01.0700 4272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:21:01.0702 4272 PNRPsvc - ok
18:21:01.0719 4272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:21:01.0724 4272 PolicyAgent - ok
18:21:01.0750 4272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:21:01.0752 4272 Power - ok
18:21:01.0775 4272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:21:01.0783 4272 PptpMiniport - ok
18:21:01.0800 4272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:21:01.0809 4272 Processor - ok
18:21:01.0831 4272 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:21:01.0834 4272 ProfSvc - ok
18:21:01.0847 4272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:21:01.0847 4272 ProtectedStorage - ok
18:21:01.0883 4272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:21:01.0891 4272 Psched - ok
18:21:01.0908 4272 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:21:01.0909 4272 PxHlpa64 - ok
18:21:01.0941 4272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:21:01.0991 4272 ql2300 - ok
18:21:02.0003 4272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:21:02.0011 4272 ql40xx - ok
18:21:02.0030 4272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:21:02.0042 4272 QWAVE - ok
18:21:02.0053 4272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:21:02.0060 4272 QWAVEdrv - ok
18:21:02.0070 4272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:21:02.0078 4272 RasAcd - ok
18:21:02.0103 4272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:21:02.0110 4272 RasAgileVpn - ok
18:21:02.0119 4272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:21:02.0155 4272 RasAuto - ok
18:21:02.0188 4272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:21:02.0196 4272 Rasl2tp - ok
18:21:02.0214 4272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:21:02.0227 4272 RasMan - ok
18:21:02.0238 4272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:21:02.0245 4272 RasPppoe - ok
18:21:02.0258 4272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:21:02.0265 4272 RasSstp - ok
18:21:02.0274 4272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:21:02.0276 4272 rdbss - ok
18:21:02.0286 4272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:21:02.0294 4272 rdpbus - ok
18:21:02.0304 4272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:21:02.0314 4272 RDPCDD - ok
18:21:02.0338 4272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:21:02.0348 4272 RDPENCDD - ok
18:21:02.0362 4272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:21:02.0373 4272 RDPREFMP - ok
18:21:02.0391 4272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:21:02.0400 4272 RDPWD - ok
18:21:02.0427 4272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:21:02.0428 4272 rdyboost - ok
18:21:02.0465 4272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:21:02.0503 4272 RemoteAccess - ok
18:21:02.0513 4272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:21:02.0522 4272 RemoteRegistry - ok
18:21:02.0536 4272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:21:02.0538 4272 RpcEptMapper - ok
18:21:02.0551 4272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:21:02.0558 4272 RpcLocator - ok
18:21:02.0584 4272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:21:02.0587 4272 RpcSs - ok
18:21:02.0601 4272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:21:02.0608 4272 rspndr - ok
18:21:02.0613 4272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:21:02.0614 4272 SamSs - ok
18:21:02.0661 4272 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:21:02.0662 4272 SASDIFSV - ok
18:21:02.0702 4272 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:21:02.0702 4272 SASKUTIL - ok
18:21:02.0758 4272 [ C1BE4B13A9803AA9CFC768EC84501949 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
18:21:02.0759 4272 SAVAdminService - ok
18:21:02.0772 4272 [ 2BB45E1528EBB0F2A105ECDC0DD28333 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
18:21:02.0773 4272 SAVOnAccess - ok
18:21:02.0794 4272 [ 836AEC603665F6DB83965EE57B3DCF57 ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
18:21:02.0794 4272 SAVService - ok
18:21:02.0816 4272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:21:02.0824 4272 sbp2port - ok
18:21:02.0902 4272 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:21:02.0906 4272 SBSDWSCService - ok
18:21:02.0926 4272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:21:02.0937 4272 SCardSvr - ok
18:21:02.0962 4272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:21:02.0971 4272 scfilter - ok
18:21:02.0998 4272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:21:03.0015 4272 Schedule - ok
18:21:03.0039 4272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:21:03.0040 4272 SCPolicySvc - ok
18:21:03.0061 4272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:21:03.0072 4272 SDRSVC - ok
18:21:03.0092 4272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:21:03.0099 4272 secdrv - ok
18:21:03.0118 4272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:21:03.0120 4272 seclogon - ok
18:21:03.0129 4272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:21:03.0131 4272 SENS - ok
18:21:03.0139 4272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:21:03.0155 4272 SensrSvc - ok
18:21:03.0164 4272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:21:03.0172 4272 Serenum - ok
18:21:03.0199 4272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:21:03.0206 4272 Serial - ok
18:21:03.0235 4272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:21:03.0242 4272 sermouse - ok
18:21:03.0270 4272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:21:03.0273 4272 SessionEnv - ok
18:21:03.0296 4272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:21:03.0303 4272 sffdisk - ok
18:21:03.0315 4272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:21:03.0322 4272 sffp_mmc - ok
18:21:03.0325 4272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:21:03.0332 4272 sffp_sd - ok
18:21:03.0340 4272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:21:03.0347 4272 sfloppy - ok
18:21:03.0378 4272 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:21:03.0394 4272 Sftfs - ok
18:21:03.0435 4272 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:21:03.0437 4272 sftlist - ok
18:21:03.0446 4272 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:21:03.0457 4272 Sftplay - ok
18:21:03.0466 4272 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:21:03.0466 4272 Sftredir - ok
18:21:03.0476 4272 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:21:03.0493 4272 Sftvol - ok
18:21:03.0497 4272 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:21:03.0498 4272 sftvsa - ok
18:21:03.0517 4272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:21:03.0521 4272 ShellHWDetection - ok
18:21:03.0529 4272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:21:03.0536 4272 SiSRaid2 - ok
18:21:03.0552 4272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:21:03.0560 4272 SiSRaid4 - ok
18:21:03.0597 4272 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:21:03.0598 4272 SkypeUpdate - ok
18:21:03.0618 4272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:21:03.0626 4272 Smb - ok
18:21:03.0649 4272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:21:03.0651 4272 SNMPTRAP - ok
18:21:03.0671 4272 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
18:21:03.0678 4272 SophosBootDriver - ok
18:21:03.0695 4272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:21:03.0695 4272 spldr - ok
18:21:03.0718 4272 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:21:03.0724 4272 Spooler - ok
18:21:03.0786 4272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:21:03.0837 4272 sppsvc - ok
18:21:03.0850 4272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:21:03.0880 4272 sppuinotify - ok
18:21:03.0900 4272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:21:03.0904 4272 srv - ok
18:21:03.0918 4272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:21:03.0922 4272 srv2 - ok
18:21:03.0932 4272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:21:03.0934 4272 srvnet - ok
18:21:03.0955 4272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:21:03.0958 4272 SSDPSRV - ok
18:21:03.0968 4272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:21:03.0978 4272 SstpSvc - ok
18:21:04.0003 4272 Steam Client Service - ok
18:21:04.0016 4272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:21:04.0027 4272 stexstor - ok
18:21:04.0060 4272 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:21:04.0066 4272 stisvc - ok
18:21:04.0091 4272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:21:04.0098 4272 swenum - ok
18:21:04.0158 4272 [ 9AD184004DEE07DF9A99F801E2C80EB0 ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
18:21:04.0163 4272 swi_service - ok
18:21:04.0193 4272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:21:04.0196 4272 swprv - ok
18:21:04.0236 4272 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:21:04.0262 4272 SysMain - ok
18:21:04.0287 4272 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:21:04.0322 4272 TabletInputService - ok
18:21:04.0356 4272 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:21:04.0369 4272 TapiSrv - ok
18:21:04.0377 4272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:21:04.0394 4272 TBS - ok
18:21:04.0433 4272 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:21:04.0459 4272 Tcpip - ok
18:21:04.0492 4272 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:21:04.0498 4272 TCPIP6 - ok
18:21:04.0516 4272 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:21:04.0523 4272 tcpipreg - ok
18:21:04.0540 4272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:21:04.0548 4272 TDPIPE - ok
18:21:04.0569 4272 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:21:04.0576 4272 TDTCP - ok
18:21:04.0600 4272 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:21:04.0608 4272 tdx - ok
18:21:04.0620 4272 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:21:04.0628 4272 TermDD - ok
18:21:04.0645 4272 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:21:04.0652 4272 TermService - ok
18:21:04.0661 4272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:21:04.0663 4272 Themes - ok
18:21:04.0683 4272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:21:04.0685 4272 THREADORDER - ok
18:21:04.0707 4272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:21:04.0710 4272 TrkWks - ok
18:21:04.0731 4272 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:21:04.0732 4272 TrustedInstaller - ok
18:21:04.0743 4272 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:21:04.0750 4272 tssecsrv - ok
18:21:04.0790 4272 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:21:04.0799 4272 TsUsbFlt - ok
18:21:04.0824 4272 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:21:04.0832 4272 tunnel - ok
18:21:04.0845 4272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:21:04.0853 4272 uagp35 - ok
18:21:04.0882 4272 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:21:04.0894 4272 udfs - ok
18:21:04.0919 4272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:21:04.0921 4272 UI0Detect - ok
18:21:04.0937 4272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:21:04.0944 4272 uliagpkx - ok
18:21:04.0978 4272 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:21:04.0986 4272 umbus - ok
18:21:05.0000 4272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:21:05.0008 4272 UmPass - ok
18:21:05.0022 4272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:21:05.0027 4272 upnphost - ok
18:21:05.0044 4272 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:21:05.0051 4272 USBAAPL64 - ok
18:21:05.0075 4272 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:21:05.0083 4272 usbaudio - ok
18:21:05.0110 4272 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:21:05.0118 4272 usbccgp - ok
18:21:05.0137 4272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:21:05.0145 4272 usbcir - ok
18:21:05.0161 4272 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:21:05.0168 4272 usbehci - ok
18:21:05.0179 4272 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:21:05.0180 4272 usbhub - ok
18:21:05.0201 4272 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:21:05.0208 4272 usbohci - ok
18:21:05.0216 4272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:21:05.0224 4272 usbprint - ok
18:21:05.0235 4272 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:21:05.0243 4272 USBSTOR - ok
18:21:05.0258 4272 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:21:05.0264 4272 usbuhci - ok
18:21:05.0295 4272 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:21:05.0305 4272 usbvideo - ok
18:21:05.0316 4272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:21:05.0318 4272 UxSms - ok
18:21:05.0327 4272 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:21:05.0328 4272 VaultSvc - ok
18:21:05.0331 4272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:21:05.0331 4272 vdrvroot - ok
18:21:05.0355 4272 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:21:05.0361 4272 vds - ok
18:21:05.0380 4272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:21:05.0387 4272 vga - ok
18:21:05.0404 4272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:21:05.0412 4272 VgaSave - ok
18:21:05.0432 4272 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:21:05.0442 4272 vhdmp - ok
18:21:05.0455 4272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:21:05.0465 4272 viaide - ok
18:21:05.0483 4272 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:21:05.0483 4272 volmgr - ok
18:21:05.0496 4272 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:21:05.0498 4272 volmgrx - ok
18:21:05.0508 4272 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:21:05.0509 4272 volsnap - ok
18:21:05.0534 4272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:21:05.0543 4272 vsmraid - ok
18:21:05.0588 4272 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:21:05.0614 4272 VSS - ok
18:21:05.0621 4272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:21:05.0630 4272 vwifibus - ok
18:21:05.0654 4272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:21:05.0658 4272 W32Time - ok
18:21:05.0701 4272 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
18:21:05.0706 4272 W3SVC - ok
18:21:05.0719 4272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:21:05.0726 4272 WacomPen - ok
18:21:05.0740 4272 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:21:05.0748 4272 WANARP - ok
18:21:05.0751 4272 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:21:05.0751 4272 Wanarpv6 - ok
18:21:05.0774 4272 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
18:21:05.0776 4272 WAS - ok
18:21:05.0819 4272 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:21:05.0922 4272 WatAdminSvc - ok
18:21:05.0973 4272 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:21:06.0006 4272 wbengine - ok
18:21:06.0021 4272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:21:06.0032 4272 WbioSrvc - ok
18:21:06.0045 4272 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:21:06.0098 4272 wcncsvc - ok
18:21:06.0110 4272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:21:06.0120 4272 WcsPlugInService - ok
18:21:06.0131 4272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:21:06.0138 4272 Wd - ok
18:21:06.0162 4272 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:21:06.0167 4272 Wdf01000 - ok
18:21:06.0175 4272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:21:06.0178 4272 WdiServiceHost - ok
18:21:06.0181 4272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:21:06.0182 4272 WdiSystemHost - ok
18:21:06.0193 4272 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:21:06.0205 4272 WebClient - ok
18:21:06.0210 4272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:21:06.0250 4272 Wecsvc - ok
18:21:06.0266 4272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:21:06.0268 4272 wercplsupport - ok
18:21:06.0283 4272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:21:06.0298 4272 WerSvc - ok
18:21:06.0310 4272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:21:06.0317 4272 WfpLwf - ok
18:21:06.0330 4272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:21:06.0337 4272 WIMMount - ok
18:21:06.0342 4272 WinHttpAutoProxySvc - ok
18:21:06.0378 4272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:21:06.0381 4272 Winmgmt - ok
18:21:06.0427 4272 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:21:06.0466 4272 WinRM - ok
18:21:06.0504 4272 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:21:06.0512 4272 WinUsb - ok
18:21:06.0543 4272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:21:06.0562 4272 Wlansvc - ok
18:21:06.0658 4272 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:21:06.0666 4272 wlidsvc - ok
18:21:06.0681 4272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:21:06.0689 4272 WmiAcpi - ok
18:21:06.0706 4272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:21:06.0708 4272 wmiApSrv - ok
18:21:06.0737 4272 WMPNetworkSvc - ok
18:21:06.0746 4272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:21:06.0755 4272 WPCSvc - ok
18:21:06.0777 4272 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:21:06.0780 4272 WPDBusEnum - ok
18:21:06.0788 4272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:21:06.0796 4272 ws2ifsl - ok
18:21:06.0817 4272 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:21:06.0824 4272 WSDPrintDevice - ok
18:21:06.0826 4272 WSearch - ok
18:21:06.0846 4272 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:21:06.0854 4272 WudfPf - ok
18:21:06.0869 4272 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:21:06.0878 4272 WUDFRd - ok
18:21:06.0899 4272 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:21:06.0902 4272 wudfsvc - ok
18:21:06.0918 4272 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:21:06.0953 4272 WwanSvc - ok
18:21:06.0956 4272 ================ Scan global ===============================
18:21:06.0973 4272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:21:06.0997 4272 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:21:07.0004 4272 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:21:07.0026 4272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:21:07.0036 4272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:21:07.0038 4272 [Global] - ok
18:21:07.0039 4272 ================ Scan MBR ==================================
18:21:07.0043 4272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:21:07.0189 4272 \Device\Harddisk0\DR0 - ok
18:21:07.0190 4272 ================ Scan VBR ==================================
18:21:07.0192 4272 [ 87C6AB0AB826D98A6E88EA5B41A80021 ] \Device\Harddisk0\DR0\Partition1
18:21:07.0193 4272 \Device\Harddisk0\DR0\Partition1 - ok
18:21:07.0230 4272 [ 1F8742E1184B3C3AC01B5F98232675A9 ] \Device\Harddisk0\DR0\Partition2
18:21:07.0231 4272 \Device\Harddisk0\DR0\Partition2 - ok
18:21:07.0233 4272 ============================================================
18:21:07.0233 4272 Scan finished
18:21:07.0233 4272 ============================================================
18:21:07.0238 2328 Detected object count: 0
18:21:07.0238 2328 Actual detected object count: 0
Majawba
join:2012-09-26
Brockton, MA

Majawba

Member

NEW eset log. I had the uninstall button checked and it stole my log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6acf8a5fe6f3a84e879cd9986598fd70
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-26 11:49:42
# local_time=2012-09-26 07:49:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 0 100242151 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16774141 50 96 42235284 80197070 0 0
# scanned=214301
# found=0
# cleaned=0
# scan_time=4681

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to Majawba

MVM

to Majawba

Re: [Virus] My browsers were Hijacked

Thanks for the TDSS and ESET logs. Nothing in TDSS but with a mention of ZeroAcess in MBAM, I want to check further.

Download ComboFix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.
Majawba
join:2012-09-26
Brockton, MA

Majawba

Member

ComboFix 12-09-27.03 - Steve 09/27/2012 18:16:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8055.6674 [GMT -4:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Steve\AppData\Roaming\log.txt
c:\users\Steve\AppData\Roaming\mIRC\logs\status.log
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 22:27 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3341AC26-AC2F-4A68-95F2-8793CE7A4CFA}\mpengine.dll
2012-09-27 11:32 . 2012-09-27 11:32 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia
2012-09-26 21:45 . 2012-09-26 21:45 -------- d-----w- c:\users\Steve\AppData\Roaming\QuickScan
2012-09-26 10:54 . 2012-09-26 10:54 -------- d-----w- c:\program files (x86)\ESET
2012-09-26 02:51 . 2012-09-26 02:51 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-09-26 02:50 . 2012-09-26 02:50 -------- d-----w- c:\programdata\Malwarebytes
2012-09-26 02:50 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 02:50 . 2012-09-26 02:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-26 01:12 . 2012-09-26 02:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-26 01:12 . 2012-09-26 01:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-25 22:46 . 2012-09-25 22:46 -------- d-----w- c:\program files (x86)\TRENDnet
2012-09-25 05:43 . 2012-09-25 05:43 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-09-25 05:42 . 2012-09-25 05:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-25 05:42 . 2012-09-25 05:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-24 01:38 . 2012-09-24 01:38 -------- d-----w- c:\users\Steve\AppData\Local\Risen2
2012-09-24 01:38 . 2012-09-24 01:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-09-23 21:22 . 2012-09-23 21:35 -------- d-----w- c:\users\Steve\AppData\Roaming\Dynamite Jack
2012-09-23 13:19 . 2012-09-23 13:19 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-09-23 13:01 . 2012-09-23 17:06 -------- d-----w- c:\users\Steve\AppData\Roaming\uqm
2012-09-23 13:01 . 2012-09-23 13:40 -------- d-----w- c:\program files (x86)\The Ur-Quan Masters
2012-09-22 22:31 . 2012-09-22 22:31 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcCE09.tmp
2012-09-22 22:28 . 2012-09-22 22:28 -------- d-----w- c:\users\Steve\AppData\Local\Windows Live
2012-09-22 20:25 . 2012-09-22 20:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-22 01:00 . 2012-09-22 01:00 -------- d-----w- c:\users\Steve\AppData\Local\Mozilla
2012-09-22 01:00 . 2012-09-25 22:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-12 00:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 00:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 00:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 00:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 00:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 00:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 00:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-05 07:00 . 2012-09-05 07:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-05 07:00 . 2012-09-05 07:00 -------- d-----r- c:\program files (x86)\Skype
2012-08-30 04:16 . 2012-08-30 04:16 -------- d-----w- c:\users\Steve\AppData\Roaming\Subversion
2012-08-30 03:58 . 2012-08-30 03:58 -------- d-----w- c:\users\Steve\AppData\Roaming\fltk.org
2012-08-30 03:58 . 2012-08-30 03:58 -------- d-----w- c:\programdata\fltk.org
2012-08-30 03:56 . 2012-08-30 04:20 -------- d-----w- c:\users\Steve\AppData\Roaming\flightgear.org
2012-08-30 03:56 . 2012-08-30 03:56 -------- d-----w- c:\programdata\flightgear.org
2012-08-30 03:56 . 2012-08-30 03:56 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-08-30 03:56 . 2012-08-30 03:56 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-08-30 03:56 . 2012-08-30 03:56 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-30 03:56 . 2012-08-30 03:56 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-08-30 03:56 . 2012-08-30 03:56 -------- d-----w- c:\program files (x86)\OpenAL
2012-08-30 03:54 . 2012-09-03 19:50 -------- d-----w- c:\program files\FlightGear
2012-08-30 03:32 . 2012-09-05 14:38 -------- d-----w- c:\programdata\Yahoo!
2012-08-30 03:32 . 2012-09-05 14:38 -------- d-----w- c:\program files (x86)\Yahoo!
2012-08-29 08:02 . 2012-08-29 08:02 -------- d-----w- c:\users\Steve\AppData\Local\Chromium
2012-08-29 07:25 . 2012-08-29 07:25 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-08-29 07:24 . 2012-08-29 07:24 -------- d-----w- c:\windows\SysWow64\xlive
2012-08-29 07:24 . 2012-08-29 07:24 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-08-29 06:37 . 2012-08-29 08:01 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-08-29 06:37 . 2012-08-29 06:37 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 11:00 . 2012-04-01 14:06 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 11:00 . 2011-06-02 10:23 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-15 16:58 . 2011-10-28 23:03 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-15 16:58 . 2011-08-21 23:03 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-15 16:58 . 2011-08-21 23:03 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-12 02:11 . 2011-05-12 17:37 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-29 19:35 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-08-29 19:35 . 2009-08-18 15:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-31 02:25 . 2011-08-21 23:03 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-30 15:56 . 2011-10-26 10:22 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-07-18 18:15 . 2012-08-14 17:18 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-14 17:19 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 17:19 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 17:19 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 17:19 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-25 5664640]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-10 1353080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 250288]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Steve\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 36208]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-05-12 38536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-03-03 25608]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-11-18 16384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-03-03 141304]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-07-23 162032]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-14 97520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-06-14 1530608]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:00]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 23:30]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 23:30]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-943956546-1219100726-2847664145-1002Core.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-943956546-1219100726-2847664145-1002UA.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
DPF: {E1B26101-23FB-4855-9171-F79F29CC7728} - hxxp://192.168.1.107/UltraCamX.cab
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\1ykjuzrp.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-09-27 19:38:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-27 23:38
.
Pre-Run: 499,645,067,264 bytes free
Post-Run: 499,558,674,432 bytes free
.
- - End Of File - - 4E28F5181EFF16CB67B9952A1CB9E6DA

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to Majawba

MVM

to Majawba
Both the TDSS and Combofix logs show no sign of a Zero Access trojan. MBAM seems to have removed it.

Are you still being redirected?

Are there any other issues not resolved?
Majawba
join:2012-09-26
Brockton, MA

1 recommendation

Majawba

Member

Everything appears to be fine. Thank you so much everyone!

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to Majawba

MVM

to Majawba
Time for cleanup...

First:
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start, then Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

(Note: There is a SPACE between ComboFix and /uninstall)


Second:

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit
  • If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.