Olmarik.tdl4 trojan, please help! [Solved]



#1
Broll

Hey, guys.
So today, I started to experience some nasty symptoms of a virus.
My computer rebooted randomly after running unusually sluggish all day.
Upon rebooting, ESET did its normal startup scan and reported a Win32/Olmarik.tdl4 trojan was on my computer and ESET couldn't remove it.
In addition to the random rebooting, my computer is constantly flooding me with crash reports that say: winrscmde has stopped working as a result of an APPCRASH in svchost.exe. Upon viewing my system processes, a svchost.exe is constantly taking up a LARGE portion of my memory. I've never noticed this before. I've done some googling around on this virus, and it looks pretty nasty. I'd appreciate any help you guys could give. I'd like to avoid having to do a wipe and reload, but I understand if that is necessary.

I'm running Windows Vista SP2 with all Windows updates downloaded.


I downloaded OTL as instructed, ran the quick scan, and here is the log: [this scan took a long time!]
OTL logfile created on: 7/30/2012 1:24:01 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Davis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.19% Memory free
8.19 Gb Paging File | 6.60 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 228.40 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive D: | 3.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 4.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 605.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 1015.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.47 Gb Total Space | 3.29 Gb Free Space | 44.07% Space Free | Partition Type: FAT32

Computer Name: DAVIS-PC | User Name: Davis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 01:22:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
PRC - [2012/07/21 20:42:41 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/18 22:53:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/20 19:02:30 | 012,163,848 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/01 20:56:15 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Davis\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/07/08 18:53:24 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/13 08:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/01/18 12:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
PRC - [2010/01/18 12:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 01:03:02 | 001,169,408 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._core_.pyd
MOD - [2012/07/30 01:03:02 | 001,018,368 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\windows._cacheinvalidation.pyd
MOD - [2012/07/30 01:03:02 | 000,792,576 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._gdi_.pyd
MOD - [2012/07/30 01:03:02 | 000,731,136 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._misc_.pyd
MOD - [2012/07/30 01:03:02 | 000,645,120 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_ssl.pyd
MOD - [2012/07/30 01:03:02 | 000,571,392 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\pysqlite2._sqlite.pyd
MOD - [2012/07/30 01:03:02 | 000,354,304 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\pythoncom26.dll
MOD - [2012/07/30 01:03:02 | 000,263,168 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32com.shell.shell.pyd
MOD - [2012/07/30 01:03:02 | 000,153,088 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\pyexpat.pyd
MOD - [2012/07/30 01:03:02 | 000,110,592 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\PyWinTypes26.dll
MOD - [2012/07/30 01:03:02 | 000,096,256 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32api.pyd
MOD - [2012/07/30 01:03:02 | 000,086,016 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_elementtree.pyd
MOD - [2012/07/30 01:03:02 | 000,073,728 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_ctypes.pyd
MOD - [2012/07/30 01:03:02 | 000,070,656 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._html2.pyd
MOD - [2012/07/30 01:03:02 | 000,040,448 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_socket.pyd
MOD - [2012/07/30 01:03:02 | 000,036,352 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32process.pyd
MOD - [2012/07/30 01:03:02 | 000,022,528 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32pdh.pyd
MOD - [2012/07/30 01:03:02 | 000,011,776 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32crypt.pyd
MOD - [2012/07/30 01:03:01 | 000,311,808 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_hashlib.pyd
MOD - [2012/07/30 01:02:47 | 000,807,424 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._windows_.pyd
MOD - [2012/07/30 01:02:30 | 001,056,256 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._controls_.pyd
MOD - [2012/07/30 01:02:30 | 000,121,856 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._wizard.pyd
MOD - [2012/07/30 01:02:30 | 000,111,104 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32file.pyd
MOD - [2012/07/30 01:02:30 | 000,039,424 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32inet.pyd
MOD - [2012/07/30 01:02:29 | 000,585,728 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\unicodedata.pyd
MOD - [2012/07/30 01:02:29 | 000,017,920 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32event.pyd
MOD - [2012/07/30 01:02:28 | 000,011,776 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\select.pyd
MOD - [2012/07/18 22:53:19 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/08/18 21:20:29 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/01/18 12:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
MOD - [2010/01/18 12:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
MOD - [2009/12/16 12:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/12/16 12:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
MOD - [2009/11/26 03:49:41 | 000,086,180 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/06/22 08:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 08:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 08:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 08:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 08:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 08:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 08:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 08:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 12:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
MOD - [2009/02/20 03:50:18 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsmr.dll
MOD - [2009/02/20 03:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/01/07 16:09:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device)
SRV:64bit: - [2010/01/07 16:09:33 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/18 22:53:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/08 18:53:24 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/01/07 16:09:33 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2010/01/07 16:09:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dleacoms.exe -- (dlea_device)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/11 10:41:34 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/01/20 21:49:04 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008/01/20 21:47:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\irsir.sys -- (irsir)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/03/12 04:11:00 | 000,320,512 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WUSB54GCx64.sys -- (netr7364)
DRV:64bit: - [2007/02/23 14:56:54 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV:64bit: - [2006/10/02 21:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Davis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/11/25 16:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 22:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 12:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/25 16:46:47 | 000,000,000 | ---D | M]

[2011/03/05 19:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davis\AppData\Roaming\Mozilla\Extensions
[2012/05/03 20:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions
[2011/03/08 19:45:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/12 15:02:31 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions\[email protected]
[2012/06/21 14:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/18 22:53:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/29 00:06:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/21 14:13:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/21 14:13:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Davis\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9827CD4C-F3B5-4EBE-8660-B764670D7EDD}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5C296B4-7A12-4D41-A4A9-C8EB44068A9E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B56CD4B2-F36F-46D7-8B86-F4F9121F4A94}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/27 08:57:55 | 000,221,184 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/11/08 16:14:07 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/12/25 17:37:16 | 000,005,022 | R--- | M] () - D:\autorun.ini -- [ CDFS ]
O32 - AutoRun File - [2011/07/14 12:36:25 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/08/19 13:05:30 | 000,000,054 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2003/02/04 15:14:13 | 000,000,183 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/04/10 04:44:31 | 000,000,077 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1c2db39c-479b-11e0-b8df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c2db39c-479b-11e0-b8df-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2006/11/27 08:57:55 | 000,221,184 | R--- | M] ()
O33 - MountPoints2\{355b33f5-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33f5-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/01/17 13:42:14 | 000,335,992 | R--- | M] (2K Sports)
O33 - MountPoints2\{355b33f9-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33f9-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011/09/02 19:29:01 | 000,217,256 | R--- | M] (2K Sports)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2003/02/04 15:22:15 | 002,392,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\directx\command - "" = G:\DIRECTX\DXSETUP.EXE -- [2003/02/04 15:14:37 | 000,461,824 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\setup\command - "" = G:\SETUP.EXE -- [2003/02/04 15:22:15 | 002,392,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fb-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33fb-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = H:\BvsC_Setup.exe -- [2011/04/10 04:27:11 | 955,210,224 | R--- | M] (Zuxxez Entertainment )
O33 - MountPoints2\{b3576a09-ea24-11e0-9d33-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{b3576a09-ea24-11e0-9d33-001fe25350c2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 01:23:33 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
[2012/07/27 15:03:05 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\tobewavd
[2012/07/26 16:06:42 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\m01acutscenes
[2012/07/26 14:47:12 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\fontconfig
[2012/07/26 14:47:10 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\gegl-0.2
[2012/07/26 14:47:10 | 000,000,000 | ---D | C] -- C:\Users\Davis\.gimp-2.8
[2012/07/26 14:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP 2
[2012/07/26 14:31:15 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\UtfEditor
[2012/07/26 14:10:29 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\Goblin's Inferno
[2012/07/21 20:39:10 | 000,000,000 | --SD | C] -- C:\Users\Davis\Google Drive
[2012/07/21 20:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/07/21 20:37:27 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\Google
[2012/07/21 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/20 01:18:05 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\FL Tools
[2012/07/19 00:26:19 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\saves
[2012/07/16 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
[2012/07/16 21:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
[2012/07/16 17:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/07/10 00:12:58 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Age of Empires III Napoleonic Era
[2012/07/10 00:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III Napoleonic Era
[2012/07/10 00:12:26 | 001,113,600 | ---- | C] (©citybuilders®) -- C:\Windows\SysWow64\Age3NEUnInst.exe
[2012/07/09 02:46:55 | 000,034,688 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/07/09 02:46:54 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/07/09 02:46:54 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2012/07/09 02:46:48 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/07/09 02:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/07/09 02:44:21 | 001,236,992 | ---- | C] (crea-doo) -- C:\Users\Davis\Desktop\aoe3loader.exe
[2005/01/13 15:47:42 | 000,061,440 | ---- | C] (none) -- C:\Program Files (x86)\mdMod1.dll
[2004/07/28 19:43:27 | 000,024,576 | ---- | C] (none) -- C:\Program Files (x86)\EnDeCrypt.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/30 01:22:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
[2012/07/30 01:16:38 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 01:16:38 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 01:16:38 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 01:10:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 01:02:52 | 000,000,857 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2012/07/30 01:01:56 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 01:01:56 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 01:01:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 00:46:59 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 15:23:08 | 000,002,213 | ---- | M] () -- C:\Users\Davis\AppData\Local\recently-used.xbel
[2012/07/26 14:46:20 | 000,000,922 | ---- | M] () -- C:\Users\Davis\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012/07/26 14:14:09 | 000,008,704 | ---- | M] () -- C:\Users\Davis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/25 15:55:53 | 518,337,599 | ---- | M] () -- C:\Users\Davis\Desktop\Freelancer[Gob's Server 7-24-12].rar
[2012/07/22 01:17:29 | 000,008,756 | ---- | M] () -- C:\Users\Davis\Desktop\intro_waterplanet.thn.lua
[2012/07/21 20:39:11 | 000,001,504 | ---- | M] () -- C:\Users\Davis\Desktop\Google Drive.lnk
[2012/07/19 00:49:03 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2012/07/17 14:25:34 | 000,377,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 22:37:50 | 003,269,778 | ---- | M] () -- C:\Users\Davis\Desktop\EXE.rar
[2012/07/09 02:46:44 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/07/01 20:13:14 | 000,000,248 | ---- | M] () -- C:\Windows\w32demo8.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/26 15:23:08 | 000,002,213 | ---- | C] () -- C:\Users\Davis\AppData\Local\recently-used.xbel
[2012/07/26 14:46:20 | 000,000,922 | ---- | C] () -- C:\Users\Davis\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012/07/25 15:23:34 | 518,337,599 | ---- | C] () -- C:\Users\Davis\Desktop\Freelancer[Gob's Server 7-24-12].rar
[2012/07/22 01:17:29 | 000,008,756 | ---- | C] () -- C:\Users\Davis\Desktop\intro_waterplanet.thn.lua
[2012/07/21 20:39:11 | 000,001,504 | ---- | C] () -- C:\Users\Davis\Desktop\Google Drive.lnk
[2012/07/21 20:37:32 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 20:37:31 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/19 00:49:03 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2012/07/12 22:33:48 | 003,269,778 | ---- | C] () -- C:\Users\Davis\Desktop\EXE.rar
[2012/07/09 02:46:42 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/07/01 20:12:47 | 000,000,248 | ---- | C] () -- C:\Windows\w32demo8.ini
[2012/06/26 00:15:59 | 005,309,465 | ---- | C] () -- C:\Users\Davis\DSCN1884.JPG
[2012/06/22 00:58:19 | 000,019,068 | ---- | C] () -- C:\Users\Davis\obviously.jpg
[2012/06/21 21:17:47 | 003,269,071 | ---- | C] () -- C:\Users\Davis\EXE.rar
[2012/06/12 17:56:03 | 000,004,246 | ---- | C] () -- C:\Users\Davis\account.jpg
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/22 16:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/11/25 00:58:35 | 000,001,164 | ---- | C] () -- C:\Windows\eReg.dat
[2011/09/27 22:25:22 | 000,008,704 | ---- | C] () -- C:\Users\Davis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 18:53:24 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2011/07/08 18:53:24 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2011/07/08 18:53:24 | 000,000,857 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2011/05/21 11:29:24 | 000,000,061 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/05/10 16:50:03 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/22 14:09:18 | 000,003,388 | ---- | C] () -- C:\Users\Davis\AppData\Roaming\glide_wrapper.zbag.ini
[2011/04/07 23:10:28 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2011/04/07 23:10:28 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2011/04/07 23:10:28 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2011/04/07 23:10:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2011/04/07 23:10:27 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2011/04/07 23:10:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2011/04/07 23:10:27 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2011/04/07 23:10:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2011/04/07 23:10:26 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2011/04/07 23:10:26 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2011/04/07 23:10:26 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2011/04/07 23:10:26 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2011/04/07 23:10:25 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2011/04/07 23:10:25 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2011/04/07 23:10:24 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2011/04/07 23:10:24 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2011/04/07 23:10:24 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2011/04/07 23:10:23 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2011/04/07 23:10:23 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2011/04/07 23:10:23 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2011/04/07 23:10:22 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2011/04/07 23:10:22 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2011/04/07 23:09:39 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2011/04/07 23:09:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2011/04/02 18:41:55 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/27 14:34:10 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2011/03/27 14:34:09 | 000,042,035 | ---- | C] () -- C:\Windows\unins000.dat
[2011/03/06 19:43:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/06 19:42:36 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/06 19:42:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/03/06 19:42:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/03/06 00:38:16 | 000,000,298 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/03/05 20:12:44 | 000,001,356 | ---- | C] () -- C:\Users\Davis\AppData\Local\d3d9caps.dat
[2011/03/05 19:48:52 | 000,000,732 | ---- | C] () -- C:\Users\Davis\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2012/04/04 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\2K Sports
[2012/07/30 01:14:09 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\BitTorrent
[2012/02/20 14:57:31 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/22 16:47:24 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Leadertech
[2011/07/16 21:57:23 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\LucasArts
[2011/07/02 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Out of the Park Developments
[2011/05/21 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\PopCapv1002
[2012/02/01 20:55:57 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\SanDisk
[2011/11/26 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\SystemRequirementsLab
[2012/04/13 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Vulture
[2012/07/30 01:10:46 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8776F88E

< End of report >

There was also another log file the program created that had more information [extras.txt], just let me know if I need to post that log as well.
Thanks in advance for your help, guys.
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if this programme will run.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#3
Broll

    Member

  • Topic Starter
  • Member
  • 11 posts
Thank you for replying so quickly!

I downloaded the program, and saved it to my desktop as requested.
Upon attempting to run the program, I got an instant APPCRASH. Crash log is as follows:

Problem signature:
Problem Event Name: APPCRASH
Application Name: tdsskiller.exe
Application Version: 2.7.48.0
Application Timestamp: 500e6800
Fault Module Name: StackHash_9d13
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 750ca57d
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 9d13
Additional Information 2: 1abee00edb3fc1158f9ad6f44f0f6be8
Additional Information 3: 9d13
Additional Information 4: 1abee00edb3fc1158f9ad6f44f0f6be8

ESET has also alerted me to an "Olmarik.axy" trojan.
It reports to me this morning that Olmarik.axy AND Olmarik.tdl4 are in both the operating memory and boot sector of my computer.
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I had a feeling that would happen.

First I need to confirm my suspicions.

Please download the following tool:

Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Once that has run, could you reboot to safe mode:

Restart the computer and immediately press and hold F8.
On the menu that appears, is there an option called "Repair my Computer"?
If not, do you have the Windows CD?
If no CD, could you burn a CD if I give you the link? You will also need a USB drive.

Then reboot to normal Windows.
  • 0

#5
Broll

    Member

  • Topic Starter
  • Member
  • 11 posts
ListParts by Farbar Version: 25-07-2012
Ran by Davis (administrator) on 30-07-2012 at 12:57:19
Windows Vista (X64)
Running From: C:\Users\Davis\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 53%
Total physical RAM: 4094.27 MB
Available physical RAM: 1905.93 MB
Total Pagefile: 8393.76 MB
Available Pagefile: 6289.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 4015.77 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.51 GB) (Free:228.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive d: (MAELSTROM) (CDROM) (Total:3.5 GB) (Free:0 GB) CDFS
4 Drive e: (MLB_2K12) (CDROM) (Total:4.62 GB) (Free:0 GB) CDFS
5 Drive f: (NBA 2K12) (CDROM) (Total:7.1 GB) (Free:0 GB) UDF
6 Drive g: (FL_v1) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
7 Drive h: (BvsC) (CDROM) (Total:0.99 GB) (Free:0 GB) CDFS
8 Drive i: (DAVIS S) (Removable) (Total:7.47 GB) (Free:3.29 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 932 GB 0 B
Disk 1 Online 7658 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C NTFS Partition 932 GB Healthy System (partition with boot components)

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7656 MB 22 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I DAVIS S FAT32 Removable 7656 MB Healthy

======================================================================================================

****** End Of Log ******

I am now going to restart in Safe Mode and attempt a "Repair my Computer" option. If that's not there, I don't have the Windows disk on me [though I could get it within the week if that's necessary]; however, I do have a USB drive and several blank CD-Rs.
  • 0
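The ListParts log above describes Disk 0 as a single active primary partition of type 07 at a 1024 KB offset; those fields live in the partition table of the disk's first sector (the MBR), the same boot sector where ESET reported the infection. The sketch below is an added example, not part of the thread and not code from ListParts or any tool named here: it decodes a 512-byte MBR image, reports the same fields, and hashes the boot-code area so it can be compared with a known-good copy. The sample sector is constructed to match the log's layout (its boot code is all zeros), and every function name is hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440       # bytes 0..439 hold boot code; 440..445 hold the disk signature
TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # required last two bytes of a valid MBR

TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode one MBR sector into a boot-code hash and a list of used partition slots."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        start_lba, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        partitions.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start_lba,
            "sector_count": sector_count,
            "offset_kb": start_lba * SECTOR_SIZE // 1024,
            "size_gib": sector_count * SECTOR_SIZE / 2 ** 30,
        })
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()
    return {"boot_code_sha256": boot_hash, "partitions": partitions}


def findings(info, known_good_sha256=None):
    """Return notes on table inconsistencies and, if a baseline is given, boot-code drift."""
    notes = []
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            notes.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02X}")
    active = [p["slot"] for p in parts if p["active"]]
    if len(active) > 1:
        notes.append(f"more than one active partition: slots {active}")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["start_lba"] < prev["start_lba"] + prev["sector_count"]:
            notes.append(f"slots {prev['slot']} and {cur['slot']} overlap")
    if known_good_sha256 and info["boot_code_sha256"] != known_good_sha256:
        notes.append("boot code differs from the known-good baseline")
    return notes


def make_entry(status, ptype, start_lba, sector_count):
    """Pack one 16-byte table entry; CHS fields carry the usual 'use LBA' filler."""
    filler = b"\xfe\xff\xff"
    return struct.pack("<B3sB3sII", status, filler, ptype, filler, start_lba, sector_count)


def build_sample_mbr(entries):
    """Build a constructed MBR: zeroed boot code, the given entries, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    for i, entry in enumerate(entries):
        sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed sample mirroring the log: one active type-07 partition starting at
# LBA 2048 (1024 KB); the sector count is chosen to give about 931.51 GiB.
SAMPLE_DISK0 = build_sample_mbr([make_entry(0x80, 0x07, 2048, 1953519616)])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_DISK0)
    for p in info["partitions"]:
        print(f"Partition {p['slot']}: type {p['type']:02X} ({p['type_name']}), "
              f"active={p['active']}, offset {p['offset_kb']} KB, {p['size_gib']:.2f} GiB")
    print("boot code sha256:", info["boot_code_sha256"])
    print("findings:", findings(info) or "none")
```

A table that passes these checks says nothing about the boot code itself, which is why the hash is reported separately for comparison against a copy taken from a known-clean system.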

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you have a 4GB USB we can work from that
  • 0

#7
Broll

    Member

  • Topic Starter
  • Member
  • 11 posts
There were a lot of 'system restore' options but no "repair" option anywhere.

I have an 8 gig [about 7.4 GB in reality].
I'm using quite a bit of its space [only about 3.4 GB free] but I can copy things off for the time being as we fix this.
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You will need to empty the drive completely, as I will use it all for the recovery console and FRST.

Download the following three programmes to your desktop:

1. WiNToBootic
2. Windows Vista 64bit RC
3. Farbar Recovery Scan Tool x64

Extract WiNToBootic to your desktop
Insert a USB drive of at least 4GB
Run WiNToBootic

Drag and drop the Windows Vista ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing.
It will let you know when it is done.
Then copy FRST to the same USB.

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here

When you reboot you will see this.
Click Repair my computer
Select your operating system
Select Command prompt

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#9
Broll

    Member

  • Topic Starter
  • Member
  • 11 posts
Here is the resulting log as requested.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 14:16:40
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" [770728 2010-01-18] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" [139944 2010-01-18] ()
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Davis\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKU\Davis\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [6379888 2012-05-19] (BitTorrent, Inc.)
HKU\Davis\...\Run: [SansaDispatch] C:\Users\Davis\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2012-02-01] (SanDisk Corporation)
HKU\Davis\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163848 2012-06-20] (Google)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Test\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Startup: C:\Users\Davis\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Services (Whitelisted) ======

2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [33448 2010-01-07] ()
2 dlea_device; C:\Windows\system32\dleacoms.exe -service [1052328 2010-01-07] ( )
2 dlea_device; C:\Windows\SysWow64\dleacoms.exe -service [598696 2010-01-07] ( )
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 Irmon; C:\Windows\System32\irmon.dll [22016 2006-11-02] (Microsoft Corporation)
2 LicCtrlService; C:\Windows\runservice.exe [2560 2011-07-08] ()
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
2 irda; C:\Windows\System32\Drivers\irda.sys [119296 2008-01-20] (Microsoft Corporation)
3 irsir; C:\Windows\System32\Drivers\irsir.sys [27648 2008-01-20] (Microsoft Corporation)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2012-04-02] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2012-04-02] (LogMeIn, Inc.)
3 netr7364; C:\Windows\System32\DRIVERS\WUSB54GCx64.sys [320512 2007-03-12] (Ralink Technology Inc.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 OlmarikFixer; C:\Windows\System32\Drivers\OlmarikFixer.sys [29000 2012-07-29] (ESET)
3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-02-23] (Generic)
3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
4 LMIRfsClientNP; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-30 14:16 - 2012-07-30 14:16 - 00000000 ____D C:\FRST
2012-07-30 11:03 - 2012-07-30 11:03 - 155750400 ____A C:\Users\Davis\Desktop\RepairDiscWindowsVista64-bit.iso
2012-07-30 11:02 - 2012-07-30 10:54 - 01438391 ____A (Farbar) C:\Users\Davis\Desktop\FRST64.exe
2012-07-30 10:53 - 2012-07-30 11:03 - 155750400 ____A C:\Users\Davis\Downloads\RepairDiscWindowsVista64-bit.iso
2012-07-30 10:53 - 2012-07-30 10:54 - 01438391 ____A (Farbar) C:\Users\Davis\Downloads\FRST64.exe
2012-07-30 10:53 - 2012-07-30 10:52 - 00621056 ____A C:\Users\Davis\Desktop\WiNToBootic.exe
2012-07-30 10:52 - 2012-07-30 10:52 - 00621056 ____A C:\Users\Davis\Downloads\WiNToBootic.exe
2012-07-30 10:44 - 2012-07-30 10:48 - 00000000 ____D C:\Users\Davis\Desktop\Flash Drive Backup
2012-07-30 09:57 - 2012-07-30 09:57 - 00002794 ____A C:\Users\Davis\Desktop\Result.txt
2012-07-30 09:57 - 2012-07-30 09:56 - 00306999 ____A (Farbar) C:\Users\Davis\Desktop\ListParts.exe
2012-07-30 09:56 - 2012-07-30 09:56 - 00306999 ____A (Farbar) C:\Users\Davis\Downloads\ListParts.exe
2012-07-30 09:45 - 2012-07-30 09:42 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Davis\Desktop\tdsskiller.exe
2012-07-30 09:42 - 2012-07-30 09:42 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Davis\Downloads\tdsskiller.exe
2012-07-29 22:57 - 2012-07-29 22:57 - 02704432 ____A (ESET) C:\Users\Davis\Downloads\ERARemover_x64.exe
2012-07-29 22:55 - 2012-07-29 22:55 - 00348704 ____A (ESET spol. s r.o.) C:\Users\Davis\Downloads\EOlmarikRemover.exe
2012-07-29 22:55 - 2012-07-29 22:55 - 00140768 ____A (ESET spol. s r.o.) C:\Users\Davis\Downloads\EOlmarikTdl4Cleaner(1).exe
2012-07-29 22:54 - 2012-07-29 22:54 - 00029000 ____A (ESET) C:\Windows\System32\Drivers\OlmarikFixer.sys
2012-07-29 22:52 - 2012-07-29 22:52 - 00140768 ____A (ESET spol. s r.o.) C:\Users\Davis\Downloads\EOlmarikTdl4Cleaner.exe
2012-07-29 22:30 - 2012-07-29 22:30 - 00094456 ____A C:\Users\Davis\Desktop\Extras.Txt
2012-07-29 22:29 - 2012-07-29 22:29 - 00079784 ____A C:\Users\Davis\Desktop\OTL.Txt
2012-07-29 22:23 - 2012-07-29 22:22 - 00597504 ____A (OldTimer Tools) C:\Users\Davis\Desktop\OTL.exe
2012-07-29 22:22 - 2012-07-29 22:22 - 00597504 ____A (OldTimer Tools) C:\Users\Davis\Downloads\OTL.exe
2012-07-29 22:02 - 2009-10-09 13:56 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-27 13:40 - 2012-07-27 13:48 - 37306499 ____A C:\Users\Davis\Downloads\Goblin'sInfernoBDmod.rar
2012-07-27 12:03 - 2012-07-27 13:49 - 00000000 ____D C:\Users\Davis\Desktop\tobewavd
2012-07-26 13:06 - 2012-07-26 13:08 - 00000000 ____D C:\Users\Davis\Desktop\m01acutscenes
2012-07-26 12:23 - 2012-07-26 12:23 - 00002213 ____A C:\Users\Davis\AppData\Local\recently-used.xbel
2012-07-26 11:47 - 2012-07-26 12:23 - 00000000 ____D C:\Users\Davis\.gimp-2.8
2012-07-26 11:47 - 2012-07-26 11:47 - 00000000 ____D C:\Users\Davis\AppData\Local\gegl-0.2
2012-07-26 11:46 - 2012-07-26 11:46 - 00000898 ____A C:\Users\Public\Desktop\GIMP 2.lnk
2012-07-26 11:45 - 2012-07-26 11:46 - 00000000 ____D C:\Program Files (x86)\GIMP 2
2012-07-26 11:37 - 2012-07-26 11:42 - 76225536 ____A (The GIMP Team ) C:\Users\Davis\Downloads\gimp-2.8.0-setup(1).exe
2012-07-26 11:34 - 2012-07-26 11:36 - 27899511 ____A (The GIMP Team ) C:\Users\Davis\Downloads\gimp-2.8.0-setup.exe
2012-07-26 11:31 - 2012-07-26 11:31 - 00278142 ____A C:\Users\Davis\Downloads\utf_editorv1_0_0_4.zip
2012-07-26 11:31 - 2012-07-26 11:31 - 00000000 ____D C:\Users\Davis\Desktop\UtfEditor
2012-07-26 11:22 - 2012-07-26 11:22 - 00007659 ____A C:\Users\Davis\Downloads\FlColors.zip
2012-07-26 11:10 - 2012-07-26 12:34 - 00000000 ____D C:\Users\Davis\Desktop\Goblin's Inferno
2012-07-25 19:00 - 2012-07-25 19:00 - 03005956 ____A (Microsoft Corporation) C:\Users\Davis\Downloads\Freelancer(1)
2012-07-25 12:23 - 2012-07-25 12:55 - 518337599 ____A C:\Users\Davis\Desktop\Freelancer[Gob's Server 7-24-12].rar
2012-07-23 13:41 - 2012-07-23 16:08 - 00039322 ____A C:\Users\Davis\Desktop\article.txt
2012-07-21 22:17 - 2012-07-21 22:17 - 00008756 ____A C:\Users\Davis\Desktop\intro_waterplanet.thn.lua
2012-07-21 17:39 - 2012-07-30 10:08 - 00000000 ___SD C:\Users\Davis\Google Drive
2012-07-21 17:39 - 2012-07-21 17:39 - 00001504 ____A C:\Users\Davis\Desktop\Google Drive.lnk
2012-07-21 17:38 - 2012-07-21 17:38 - 00000000 ____D C:\Users\Davis\AppData\LocalGoogle
2012-07-21 17:37 - 2012-07-30 10:47 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-21 17:37 - 2012-07-30 10:07 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-21 17:37 - 2012-07-21 17:38 - 00000000 ____D C:\Users\Davis\AppData\Local\Google
2012-07-21 17:37 - 2012-07-21 17:38 - 00000000 ____D C:\Program Files (x86)\Google
2012-07-21 17:36 - 2012-07-21 17:36 - 00740104 ____A (Google Inc.) C:\Users\Davis\Downloads\googledrivesync.exe
2012-07-20 22:31 - 2012-07-20 22:31 - 00016198 ____A C:\Users\Davis\Downloads\ku06.ini
2012-07-20 22:30 - 2012-07-20 22:30 - 00160517 ____A C:\Users\Davis\Downloads\goblins_inferno[loadouts-ships-weps-npcdiff].rar
2012-07-20 22:30 - 2012-07-20 22:30 - 00078760 ____A C:\Users\Davis\Downloads\ryuku.rar
2012-07-20 22:30 - 2012-07-20 22:30 - 00002307 ____A C:\Users\Davis\Downloads\mpnewcharacter.fl
2012-07-19 22:18 - 2012-07-19 22:19 - 00000000 ____D C:\Users\Davis\Desktop\FL Tools
2012-07-19 22:08 - 2012-07-19 22:17 - 156252543 ____A C:\Users\Davis\Downloads\FL_Tools.rar
2012-07-18 21:49 - 2012-07-18 21:49 - 00002058 ____A C:\Users\Public\Desktop\Freelancer.lnk
2012-07-18 21:26 - 2012-07-24 23:33 - 00000000 ____D C:\Users\Davis\Desktop\saves
2012-07-18 14:48 - 2012-07-18 14:48 - 00679434 ____A C:\Users\Davis\Downloads\flgls_workaround_v10(1).zip
2012-07-18 14:47 - 2012-07-18 14:47 - 01657440 ____A (Microsoft Corp.) C:\Users\Davis\Downloads\flpatch(1).exe
2012-07-16 15:38 - 2012-07-16 17:28 - 1961163987 ____A (SWAT-Portal) C:\Users\Davis\Downloads\Crossfire19.exe
2012-07-16 14:19 - 2012-07-16 14:19 - 00000000 ____D C:\Users\All Users\WindowsSearch
2012-07-16 13:40 - 2012-07-16 13:40 - 00060132 ____A C:\Users\Davis\Downloads\ProcyonUpdater.exe
2012-07-16 13:39 - 2012-07-16 13:40 - 03968337 ____A C:\Users\Davis\Downloads\ProcyonHook_1_45_Final(1).exe
2012-07-12 19:33 - 2012-07-12 19:37 - 03269778 ____A C:\Users\Davis\Desktop\EXE.rar
2012-07-12 16:42 - 2012-07-12 16:42 - 00038729 ____A C:\Users\Davis\Downloads\ku07.ini
2012-07-10 23:47 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 13:05 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 13:05 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 13:05 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 13:05 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 13:05 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 13:05 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 13:05 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 13:05 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 13:05 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 13:05 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 13:04 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 13:04 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 13:04 - 2012-04-23 08:25 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-10 13:04 - 2012-04-23 08:25 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-10 13:04 - 2012-04-23 08:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-10 13:04 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-07-10 13:04 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-07-10 13:04 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-07-09 21:12 - 2012-07-09 21:12 - 00001275 ____A C:\Users\UpdatusUser\Desktop\Age of Empires III Napoleonic Era.lnk
2012-07-09 21:12 - 2006-09-27 08:07 - 01113600 ____A (©citybuilders®) C:\Windows\SysWOW64\Age3NEUnInst.exe
2012-07-08 23:46 - 2012-07-09 00:10 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2012-07-08 23:46 - 2012-07-08 23:46 - 00001024 ____A C:\.rnd
2012-07-08 23:46 - 2012-05-11 07:41 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-08 23:46 - 2012-05-11 07:41 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-08 23:46 - 2012-05-11 07:41 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-08 23:46 - 2012-04-02 09:17 - 00072216 ____A (LogMeIn, Inc.) C:\Windows\System32\Drivers\LMIRfsDriver.sys
2012-07-08 23:44 - 2012-07-08 23:45 - 16151040 ____A C:\Users\Davis\Downloads\LogMeIn.msi
2012-07-08 23:44 - 2008-09-16 07:08 - 01236992 ____A (crea-doo) C:\Users\Davis\Desktop\aoe3loader.exe
2012-07-08 23:41 - 2012-07-08 23:41 - 00281336 ____A C:\Users\Davis\Downloads\aoe3loader.zip
2012-07-08 20:07 - 2012-07-08 20:09 - 20939707 ____A C:\Users\Davis\Downloads\strat obj turky russ normal_0001.zip
2012-07-08 20:07 - 2012-07-08 20:07 - 00661079 ____A C:\Users\Davis\Downloads\The_Kharlan_Tournament.zip
2012-07-08 20:07 - 2012-07-08 20:07 - 00589036 ____A C:\Users\Davis\Downloads\gettys.zip
2012-07-08 20:07 - 2012-07-08 20:07 - 00417975 ____A C:\Users\Davis\Downloads\Alamo_0001.zip
2012-07-08 20:06 - 2012-07-08 20:08 - 11191464 ____A C:\Users\Davis\Downloads\Strategic Objectives - Death Valley V2.zip
2012-07-08 20:06 - 2012-07-08 20:07 - 10144806 ____A C:\Users\Davis\Downloads\Geronimo.zip
2012-07-08 20:06 - 2012-07-08 20:07 - 04016140 ____A C:\Users\Davis\Downloads\Conquest of Constantinople_0001.zip
2012-07-08 20:06 - 2012-07-08 20:06 - 01324162 ____A C:\Users\Davis\Downloads\Jail Break.zip
2012-07-08 20:06 - 2012-07-08 20:06 - 00743904 ____A C:\Users\Davis\Downloads\Operation Overlord_0001.zip
2012-07-08 20:01 - 2012-07-08 20:02 - 15131395 ____A C:\Users\Davis\Downloads\strat obj bay french normal.zip
2012-07-08 19:01 - 2012-07-08 19:01 - 03984860 ____A C:\Users\Davis\Downloads\Utah Beach.zip
2012-07-08 18:53 - 2012-07-08 18:55 - 20359699 ____A C:\Users\Davis\Downloads\ne_en_100+hotfix.rar
2012-07-01 17:12 - 2012-07-01 17:13 - 00000248 ____A C:\Windows\w32demo8.ini
2012-07-01 17:12 - 2012-07-01 17:12 - 00938053 ____A C:\Users\Davis\Downloads\w32dsm87.zip
2012-07-01 17:06 - 2012-07-01 17:06 - 01103126 ____A C:\Users\Davis\Downloads\fl_sdk_v1.5b_20050314.zip
2012-07-01 16:59 - 2012-07-01 16:59 - 00030567 ____A C:\Users\Davis\Downloads\allmost_all_ini_file_hierachies_by_rasauul_3rd_edition.txt
2012-07-01 16:59 - 2012-07-01 16:59 - 00019293 ____A C:\Users\Davis\Downloads\fl_weapon_reference_2.1.zip
2012-06-30 18:23 - 2012-06-30 18:25 - 14624005 ____A C:\Users\Davis\Downloads\A10_nightmares(1).zip
2012-06-30 18:13 - 2012-06-30 18:25 - 66210721 ____A C:\Users\Davis\Downloads\DMT-OD_SP4_Upskirts.zip
2012-06-30 17:37 - 2012-06-30 17:39 - 11346578 ____A C:\Users\Davis\Downloads\gephyrophobia-base-defence.zip
2012-06-30 17:32 - 2012-06-30 17:48 - 96007126 ____A C:\Users\Davis\Downloads\BigGiantBattle2.zip
2012-06-30 17:32 - 2012-06-30 17:46 - 81216238 ____A C:\Users\Davis\Downloads\BigGiantBattleV2.zip
2012-06-30 17:31 - 2012-06-30 17:42 - 63122053 ____A C:\Users\Davis\Downloads\FloodFright.zip
2012-06-30 17:30 - 2012-06-30 17:34 - 24557989 ____A C:\Users\Davis\Downloads\ellites.zip

============ 3 Months Modified Files ========================

2012-07-30 11:08 - 2008-01-20 17:53 - 01518584 ____A C:\Windows\WindowsUpdate.log
2012-07-30 11:08 - 2006-11-02 07:42 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-30 11:08 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 11:08 - 2006-11-02 07:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 11:08 - 2006-11-02 07:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 11:03 - 2012-07-30 11:03 - 155750400 ____A C:\Users\Davis\Desktop\RepairDiscWindowsVista64-bit.iso
2012-07-30 11:03 - 2012-07-30 10:53 - 155750400 ____A C:\Users\Davis\Downloads\RepairDiscWindowsVista64-bit.iso
2012-07-30 10:54 - 2012-07-30 11:02 - 01438391 ____A (Farbar) C:\Users\Davis\Desktop\FRST64.exe
2012-07-30 10:54 - 2012-07-30 10:53 - 01438391 ____A (Farbar) C:\Users\Davis\Downloads\FRST64.exe
2012-07-30 10:52 - 2012-07-30 10:53 - 00621056 ____A C:\Users\Davis\Desktop\WiNToBootic.exe
2012-07-30 10:52 - 2012-07-30 10:52 - 00621056 ____A C:\Users\Davis\Downloads\WiNToBootic.exe
2012-07-30 10:47 - 2012-07-21 17:37 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-30 10:13 - 2006-11-02 04:46 - 00694964 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-30 10:07 - 2012-07-21 17:37 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-30 10:07 - 2011-07-08 15:53 - 00000857 __ASH C:\Windows\SysWOW64\mmf.sys
2012-07-30 10:07 - 2011-04-07 20:14 - 00070474 ____A C:\Users\All Users\dleascan.log
2012-07-30 09:57 - 2012-07-30 09:57 - 00002794 ____A C:\Users\Davis\Desktop\Result.txt
2012-07-30 09:56 - 2012-07-30 09:57 - 00306999 ____A (Farbar) C:\Users\Davis\Desktop\ListParts.exe
2012-07-30 09:56 - 2012-07-30 09:56 - 00306999 ____A (Farbar) C:\Users\Davis\Downloads\ListParts.exe
2012-07-30 09:42 - 2012-07-30 09:45 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Davis\Desktop\tdsskiller.exe
2012-07-30 09:42 - 2012-07-30 09:42 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Davis\Downloads\tdsskiller.exe
2012-07-29 22:57 - 2012-07-29 22:57 - 02704432 ____A (ESET) C:\Users\Davis\Downloads\ERARemover_x64.exe
2012-07-29 22:55 - 2012-07-29 22:55 - 00348704 ____A (ESET spol. s r.o.) C:\Users\Davis\Downloads\EOlmarikRemover.exe
2012-07-29 22:55 - 2012-07-29 22:55 - 00140768 ____A (ESET spol. s r.o.) C:\Users\Davis\Downloads\EOlmarikTdl4Cleaner(1).exe
2012-07-29 22:54 - 2012-07-29 22:54 - 00029000 ____A (ESET) C:\Windows\System32\Drivers\OlmarikFixer.sys
2012-07-29 22:52 - 2012-07-29 22:52 - 00140768 ____A (ESET spol. s r.o.) C:\Users\Davis\Downloads\EOlmarikTdl4Cleaner.exe
2012-07-29 22:30 - 2012-07-29 22:30 - 00094456 ____A C:\Users\Davis\Desktop\Extras.Txt
2012-07-29 22:29 - 2012-07-29 22:29 - 00079784 ____A C:\Users\Davis\Desktop\OTL.Txt
2012-07-29 22:22 - 2012-07-29 22:23 - 00597504 ____A (OldTimer Tools) C:\Users\Davis\Desktop\OTL.exe
2012-07-29 22:22 - 2012-07-29 22:22 - 00597504 ____A (OldTimer Tools) C:\Users\Davis\Downloads\OTL.exe
2012-07-29 22:01 - 2008-01-20 19:26 - 00117910 ____A C:\Windows\PFRO.log
2012-07-28 19:20 - 2011-04-07 20:16 - 00011612 ____A C:\Users\All Users\dleaJSW.log
2012-07-27 13:48 - 2012-07-27 13:40 - 37306499 ____A C:\Users\Davis\Downloads\Goblin'sInfernoBDmod.rar
2012-07-26 12:23 - 2012-07-26 12:23 - 00002213 ____A C:\Users\Davis\AppData\Local\recently-used.xbel
2012-07-26 11:46 - 2012-07-26 11:46 - 00000898 ____A C:\Users\Public\Desktop\GIMP 2.lnk
2012-07-26 11:42 - 2012-07-26 11:37 - 76225536 ____A (The GIMP Team ) C:\Users\Davis\Downloads\gimp-2.8.0-setup(1).exe
2012-07-26 11:36 - 2012-07-26 11:34 - 27899511 ____A (The GIMP Team ) C:\Users\Davis\Downloads\gimp-2.8.0-setup.exe
2012-07-26 11:31 - 2012-07-26 11:31 - 00278142 ____A C:\Users\Davis\Downloads\utf_editorv1_0_0_4.zip
2012-07-26 11:22 - 2012-07-26 11:22 - 00007659 ____A C:\Users\Davis\Downloads\FlColors.zip
2012-07-26 11:14 - 2011-09-27 19:25 - 00008704 ____A C:\Users\Davis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 19:00 - 2012-07-25 19:00 - 03005956 ____A (Microsoft Corporation) C:\Users\Davis\Downloads\Freelancer(1)
2012-07-25 12:55 - 2012-07-25 12:23 - 518337599 ____A C:\Users\Davis\Desktop\Freelancer[Gob's Server 7-24-12].rar
2012-07-23 16:08 - 2012-07-23 13:41 - 00039322 ____A C:\Users\Davis\Desktop\article.txt
2012-07-21 22:17 - 2012-07-21 22:17 - 00008756 ____A C:\Users\Davis\Desktop\intro_waterplanet.thn.lua
2012-07-21 17:39 - 2012-07-21 17:39 - 00001504 ____A C:\Users\Davis\Desktop\Google Drive.lnk
2012-07-21 17:36 - 2012-07-21 17:36 - 00740104 ____A (Google Inc.) C:\Users\Davis\Downloads\googledrivesync.exe
2012-07-20 22:31 - 2012-07-20 22:31 - 00016198 ____A C:\Users\Davis\Downloads\ku06.ini
2012-07-20 22:30 - 2012-07-20 22:30 - 00160517 ____A C:\Users\Davis\Downloads\goblins_inferno[loadouts-ships-weps-npcdiff].rar
2012-07-20 22:30 - 2012-07-20 22:30 - 00078760 ____A C:\Users\Davis\Downloads\ryuku.rar
2012-07-20 22:30 - 2012-07-20 22:30 - 00002307 ____A C:\Users\Davis\Downloads\mpnewcharacter.fl
2012-07-19 22:17 - 2012-07-19 22:08 - 156252543 ____A C:\Users\Davis\Downloads\FL_Tools.rar
2012-07-18 21:49 - 2012-07-18 21:49 - 00002058 ____A C:\Users\Public\Desktop\Freelancer.lnk
2012-07-18 14:48 - 2012-07-18 14:48 - 00679434 ____A C:\Users\Davis\Downloads\flgls_workaround_v10(1).zip
2012-07-18 14:47 - 2012-07-18 14:47 - 01657440 ____A (Microsoft Corp.) C:\Users\Davis\Downloads\flpatch(1).exe
2012-07-17 11:27 - 2011-03-05 16:49 - 00102472 ____A C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-17 11:25 - 2006-11-02 07:21 - 00377880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-16 17:28 - 2012-07-16 15:38 - 1961163987 ____A (SWAT-Portal) C:\Users\Davis\Downloads\Crossfire19.exe
2012-07-16 13:40 - 2012-07-16 13:40 - 00060132 ____A C:\Users\Davis\Downloads\ProcyonUpdater.exe
2012-07-16 13:40 - 2012-07-16 13:39 - 03968337 ____A C:\Users\Davis\Downloads\ProcyonHook_1_45_Final(1).exe
2012-07-12 19:37 - 2012-07-12 19:33 - 03269778 ____A C:\Users\Davis\Desktop\EXE.rar
2012-07-12 16:42 - 2012-07-12 16:42 - 00038729 ____A C:\Users\Davis\Downloads\ku07.ini
2012-07-10 23:48 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-09 21:12 - 2012-07-09 21:12 - 00001275 ____A C:\Users\UpdatusUser\Desktop\Age of Empires III Napoleonic Era.lnk
2012-07-08 23:46 - 2012-07-08 23:46 - 00001024 ____A C:\.rnd
2012-07-08 23:45 - 2012-07-08 23:44 - 16151040 ____A C:\Users\Davis\Downloads\LogMeIn.msi
2012-07-08 23:41 - 2012-07-08 23:41 - 00281336 ____A C:\Users\Davis\Downloads\aoe3loader.zip
2012-07-08 20:09 - 2012-07-08 20:07 - 20939707 ____A C:\Users\Davis\Downloads\strat obj turky russ normal_0001.zip
2012-07-08 20:08 - 2012-07-08 20:06 - 11191464 ____A C:\Users\Davis\Downloads\Strategic Objectives - Death Valley V2.zip
2012-07-08 20:07 - 2012-07-08 20:07 - 00661079 ____A C:\Users\Davis\Downloads\The_Kharlan_Tournament.zip
2012-07-08 20:07 - 2012-07-08 20:07 - 00589036 ____A C:\Users\Davis\Downloads\gettys.zip
2012-07-08 20:07 - 2012-07-08 20:07 - 00417975 ____A C:\Users\Davis\Downloads\Alamo_0001.zip
2012-07-08 20:07 - 2012-07-08 20:06 - 10144806 ____A C:\Users\Davis\Downloads\Geronimo.zip
2012-07-08 20:07 - 2012-07-08 20:06 - 04016140 ____A C:\Users\Davis\Downloads\Conquest of Constantinople_0001.zip
2012-07-08 20:06 - 2012-07-08 20:06 - 01324162 ____A C:\Users\Davis\Downloads\Jail Break.zip
2012-07-08 20:06 - 2012-07-08 20:06 - 00743904 ____A C:\Users\Davis\Downloads\Operation Overlord_0001.zip
2012-07-08 20:02 - 2012-07-08 20:01 - 15131395 ____A C:\Users\Davis\Downloads\strat obj bay french normal.zip
2012-07-08 19:01 - 2012-07-08 19:01 - 03984860 ____A C:\Users\Davis\Downloads\Utah Beach.zip
2012-07-08 18:55 - 2012-07-08 18:53 - 20359699 ____A C:\Users\Davis\Downloads\ne_en_100+hotfix.rar
2012-07-01 17:13 - 2012-07-01 17:12 - 00000248 ____A C:\Windows\w32demo8.ini
2012-07-01 17:12 - 2012-07-01 17:12 - 00938053 ____A C:\Users\Davis\Downloads\w32dsm87.zip
2012-07-01 17:06 - 2012-07-01 17:06 - 01103126 ____A C:\Users\Davis\Downloads\fl_sdk_v1.5b_20050314.zip
2012-07-01 16:59 - 2012-07-01 16:59 - 00030567 ____A C:\Users\Davis\Downloads\allmost_all_ini_file_hierachies_by_rasauul_3rd_edition.txt
2012-07-01 16:59 - 2012-07-01 16:59 - 00019293 ____A C:\Users\Davis\Downloads\fl_weapon_reference_2.1.zip
2012-06-30 18:25 - 2012-06-30 18:23 - 14624005 ____A C:\Users\Davis\Downloads\A10_nightmares(1).zip
2012-06-30 18:25 - 2012-06-30 18:13 - 66210721 ____A C:\Users\Davis\Downloads\DMT-OD_SP4_Upskirts.zip
2012-06-30 17:48 - 2012-06-30 17:32 - 96007126 ____A C:\Users\Davis\Downloads\BigGiantBattle2.zip
2012-06-30 17:46 - 2012-06-30 17:32 - 81216238 ____A C:\Users\Davis\Downloads\BigGiantBattleV2.zip
2012-06-30 17:42 - 2012-06-30 17:31 - 63122053 ____A C:\Users\Davis\Downloads\FloodFright.zip
2012-06-30 17:39 - 2012-06-30 17:37 - 11346578 ____A C:\Users\Davis\Downloads\gephyrophobia-base-defence.zip
2012-06-30 17:34 - 2012-06-30 17:30 - 24557989 ____A C:\Users\Davis\Downloads\ellites.zip
2012-06-26 13:37 - 2012-06-26 13:37 - 00164474 ____A C:\Users\Davis\Downloads\fled-ids.zip
2012-06-26 13:24 - 2012-06-26 13:24 - 00557770 ____A C:\Users\Davis\Downloads\biniqdu_1_1.zip
2012-06-26 13:24 - 2012-05-10 16:21 - 00286720 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2012-06-24 23:15 - 2012-06-24 23:15 - 00121234 ____A C:\Users\Davis\Downloads\st_equip.ini
2012-06-24 17:54 - 2012-06-24 17:48 - 51518126 ____A C:\Users\Davis\Downloads\nowayout_MAD.zip
2012-06-24 17:54 - 2012-06-24 17:48 - 35306506 ____A C:\Users\Davis\Downloads\house2v2.zip
2012-06-24 17:51 - 2012-06-24 17:46 - 44715786 ____A C:\Users\Davis\Downloads\hugeass_dogfight.zip
2012-06-24 17:03 - 2012-06-24 16:58 - 57059970 ____A C:\Users\Davis\Downloads\extinction_ai.zip
2012-06-21 18:26 - 2012-06-21 18:17 - 03269071 ____A C:\Users\Davis\EXE.rar
2012-06-13 19:59 - 2012-06-13 19:45 - 125689184 ____A C:\Users\Davis\Downloads\H3_Style_Campaign_-_D40.zip
2012-06-13 19:54 - 2012-06-13 19:41 - 103725014 ____A C:\Users\Davis\Downloads\H3_Style_Campaign_D20.zip
2012-06-13 05:58 - 2012-07-10 23:47 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 15:42 - 2012-06-12 15:42 - 00102080 ____A C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-12 15:40 - 2012-06-12 15:40 - 00000020 __ASH C:\Users\Test\ntuser.ini
2012-06-12 13:14 - 2012-06-12 13:01 - 137553030 ____A C:\Users\Davis\Downloads\H3_Style_Campaign-C40.zip
2012-06-08 09:59 - 2012-07-10 13:04 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-10 13:04 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 08:47 - 2012-07-10 13:05 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-10 13:05 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-10 13:05 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-10 13:05 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 07:29 - 2012-07-10 13:05 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 15:58 - 2012-06-02 15:42 - 71703282 ____A C:\Users\Davis\Downloads\secret_mision_4.zip
2012-06-02 15:56 - 2012-06-02 15:42 - 64288741 ____A C:\Users\Davis\Downloads\secret_mision_3.zip
2012-06-02 15:56 - 2012-06-02 15:42 - 61128858 ____A C:\Users\Davis\Downloads\secret_mision_2.zip
2012-06-02 15:42 - 2012-06-02 15:34 - 83766894 ____A C:\Users\Davis\Downloads\secret_mision_1.zip
2012-06-02 14:19 - 2012-06-21 11:16 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:16 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:16 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:15 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 11:15 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-21 11:16 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 11:15 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 12:19 - 2012-06-21 11:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:19 - 2012-06-21 11:15 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 12:12 - 2012-06-21 11:15 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-01 19:51 - 2012-06-01 19:45 - 52166802 ____A C:\Users\Davis\Downloads\flood_war.zip
2012-06-01 19:16 - 2012-06-01 19:10 - 41435438 ____A C:\Users\Davis\Downloads\nspm.zip
2012-06-01 19:14 - 2012-06-01 19:09 - 44491083 ____A C:\Users\Davis\Downloads\salisp.zip
2012-06-01 16:22 - 2012-07-10 13:05 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-10 13:05 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-10 13:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-10 13:05 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-10 13:05 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 13:04 - 2012-06-01 12:55 - 82861692 ____A C:\Users\Davis\Downloads\project_subterfuge.zip
2012-06-01 09:39 - 2012-06-01 09:28 - 67257593 ____A C:\Users\Davis\Downloads\lac_chapter1.zip
2012-06-01 09:38 - 2012-06-01 09:24 - 86554476 ____A C:\Users\Davis\Downloads\H3_Style_Campaign-C20.zip
2012-05-31 10:17 - 2012-05-31 09:53 - 132421959 ____A C:\Users\Davis\Downloads\H3_Style_Campaign_-_C10.zip
2012-05-31 10:10 - 2012-05-31 09:54 - 74368033 ____A C:\Users\Davis\Downloads\firefight-fissurefall.zip
2012-05-31 10:10 - 2012-05-31 09:54 - 67843439 ____A C:\Users\Davis\Downloads\demise.zip
2012-05-31 09:25 - 2011-03-06 16:24 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 16:57 - 2012-05-29 16:37 - 146796814 ____A C:\Users\Davis\Downloads\H3_Style_Campaign_-_B40.zip
2012-05-29 16:46 - 2012-05-29 16:39 - 53173598 ____A C:\Users\Davis\Downloads\Operation_Exodus.zip
2012-05-27 19:30 - 2012-05-27 19:10 - 126697237 ____A C:\Users\Davis\Downloads\The_Great_Infestation.zip
2012-05-27 19:28 - 2012-05-27 19:11 - 111355550 ____A C:\Users\Davis\Downloads\H3_Style_Campaign_-_B30.zip
2012-05-26 16:35 - 2012-05-26 16:35 - 114881013 ____A C:\Users\Davis\Downloads\H3_Style_Campaign_-_A50.zip
2012-05-26 15:31 - 2012-05-26 15:19 - 109363497 ____A C:\Users\Davis\Downloads\H3_Style_Campaign_-_A30.zip
2012-05-23 14:03 - 2012-05-23 13:48 - 168454136 ____A (NVIDIA Corporation) C:\Users\Davis\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-20 11:41 - 2012-05-20 11:05 - 117405395 ____A C:\Users\Davis\Downloads\Metropoli_Assault.zip
2012-05-20 11:41 - 2012-05-20 11:02 - 126080153 ____A C:\Users\Davis\Downloads\sudden_conflict.zip
2012-05-20 11:37 - 2012-05-20 11:04 - 94224622 ____A C:\Users\Davis\Downloads\The_Fall_of_The_Resistance.zip
2012-05-20 11:31 - 2012-05-20 10:40 - 119017694 ____A C:\Users\Davis\Downloads\Halo_Covert_Ops_e60.zip
2012-05-20 11:29 - 2012-05-20 10:43 - 104219588 ____A C:\Users\Davis\Downloads\The_Last_Capital_Ship.zip
2012-05-20 11:12 - 2012-05-20 10:40 - 66501137 ____A C:\Users\Davis\Downloads\Halo_Covert_Ops_e40.zip
2012-05-20 11:08 - 2012-05-20 10:40 - 62048106 ____A C:\Users\Davis\Downloads\Halo_Covert_Ops_e50.zip
2012-05-20 11:05 - 2012-05-20 10:39 - 55867813 ____A C:\Users\Davis\Downloads\Halo_Covert_Ops_e20.zip
2012-05-20 11:04 - 2012-05-20 10:40 - 55784318 ____A C:\Users\Davis\Downloads\Halo_Covert_Ops_e30.zip
2012-05-20 07:46 - 2012-05-20 07:27 - 124103081 ____A C:\Users\Davis\Downloads\H3_Style_Campaign_-_A10.zip
2012-05-20 07:42 - 2012-05-20 07:28 - 85121175 ____A C:\Users\Davis\Downloads\Halo_Covert_Ops_e10.zip
2012-05-19 17:22 - 2012-05-19 16:16 - 137902836 ____A C:\Users\Davis\Downloads\Lumoria_Episode_1_Updated.zip
2012-05-19 17:19 - 2012-05-19 16:19 - 111823961 ____A C:\Users\Davis\Downloads\rpsp_s50.zip
2012-05-19 17:17 - 2012-05-19 16:19 - 107288069 ____A C:\Users\Davis\Downloads\rpsp_s30.zip
2012-05-19 17:11 - 2012-05-19 16:24 - 71621890 ____A C:\Users\Davis\Downloads\firefight-portent.zip
2012-05-19 17:09 - 2012-05-19 16:18 - 83730448 ____A C:\Users\Davis\Downloads\rpsp_s10.zip
2012-05-19 16:32 - 2012-05-19 16:14 - 41142511 ____A C:\Users\Davis\Downloads\biohalo.zip
2012-05-19 16:13 - 2012-05-19 15:59 - 91019747 ____A C:\Users\Davis\Downloads\infestation.zip
2012-05-19 16:12 - 2012-05-19 16:04 - 30500212 ____A C:\Users\Davis\Downloads\survival.zip
2012-05-19 15:57 - 2012-05-19 15:57 - 03062175 ____A C:\Users\Davis\Downloads\haloce109patch.zip
2012-05-19 15:40 - 2012-05-19 15:21 - 178262016 ____A (Microsoft Corporation) C:\Users\Davis\Downloads\halocesetup_en_1.00.exe
2012-05-15 15:17 - 2012-05-15 15:17 - 00366798 _____ C:\Users\Davis\AppData\Local\dd_vcredistMSI41BE.txt
2012-05-15 15:17 - 2012-05-15 15:17 - 00011206 _____ C:\Users\Davis\AppData\Local\dd_vcredistUI41BE.txt
2012-05-15 14:18 - 2012-06-13 13:49 - 01032192 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-15 14:16 - 2012-06-13 13:49 - 00032256 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-15 14:04 - 2012-06-13 13:49 - 00834048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-15 14:02 - 2012-06-13 13:49 - 00027648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-23 14:34 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-05-23 14:34 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2012-03-13 20:20 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-03-13 20:20 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-11-26 11:50 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-11-26 11:50 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2011-03-05 17:24 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2011-03-05 17:24 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 01:29 - 2011-01-07 18:49 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2011-01-07 18:48 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2011-01-07 18:48 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2011-01-07 18:48 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2011-01-07 18:49 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 23:21 - 2012-05-14 23:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-13 20:20 - 2012-05-13 20:15 - 59477464 ____A C:\Users\Davis\Downloads\Ultimate Apocalypse Patch - 1.62.62.zip
2012-05-13 18:44 - 2012-05-13 18:04 - 515641739 ____A () C:\Users\Davis\Downloads\UA_CC_1.62.59_Installer.exe
2012-05-13 18:00 - 2012-05-13 18:00 - 05523839 ____A C:\Users\Davis\Downloads\Ultimate_Apocalypse_Files.zip
2012-05-11 07:41 - 2012-07-08 23:46 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-05-11 07:41 - 2012-07-08 23:46 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-05-11 07:41 - 2012-07-08 23:46 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-05-10 16:21 - 2012-05-10 16:21 - 00073216 ____N (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2012-05-10 16:11 - 2012-05-10 16:11 - 00163840 ____A (FASTech Integratiion, Inc.) C:\Users\Davis\Downloads\LaptopScoreBoardv14.exe
2012-05-08 15:01 - 2012-05-08 14:58 - 00001792 ____A C:\Users\UpdatusUser\Desktop\Try Other Games.lnk
2012-05-08 15:01 - 2012-05-08 14:58 - 00001769 ____A C:\Users\UpdatusUser\Desktop\Alawar Games.lnk
2012-05-08 15:01 - 2012-05-08 14:58 - 00000952 ____A C:\Users\UpdatusUser\Desktop\Tank-o-Box.lnk
2012-05-07 17:24 - 2012-05-07 17:24 - 00624158 ____A C:\Users\Davis\Downloads\bet.zip

Possible partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4094.27 MB
Available physical RAM: 3468.46 MB
Total Pagefile: 3824.19 MB
Available Pagefile: 3449.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.51 GB) (Free:231.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (MAELSTROM) (CDROM) (Total:3.5 GB) (Free:0 GB) CDFS
4 Drive e: () (Removable) (Total:7.48 GB) (Free:7.27 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 932 GB 0 B
Disk 1 Online 7658 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 932 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7656 MB 22 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Removable 7656 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 10:16

======================= End Of Log ==========================

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached fixlist.txt to the same USB drive as FRST
[attachment=59321:fixlist.txt]
Restart the computer as before to the recovery console
Run FRST and click Fix
A log will be generated on the USB drive

Reboot to normal Windows

Then retry TDSSKiller please

If that fails then

Copy listparts.exe to the same USB as FRST
Then restart in the repair mode and as before locate then run listparts


#11
Broll


    Member

  • Topic Starter
  • Member
  • 11 posts
After running the Fix off my USB drive, I rebooted my computer as ordered.

I then ran TDSSKiller, and it worked. It found a rootkit and removed it. I then rebooted my computer.
Instead of being flooded with crash responses, the computer rebooted very quickly, just like it used to and there have been no crash warnings after several minutes.
In addition, ESET isn't flooding me with warnings about trojans and rootkits.

I'm not sure what you need from here, so I ran OTL again and am posting the log.


OTL logfile created on: 7/30/2012 3:05:14 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Davis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.35% Memory free
8.17 Gb Paging File | 6.94 Gb Available in Paging File | 85.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 231.23 Gb Free Space | 24.82% Space Free | Partition Type: NTFS
Drive D: | 3.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 4.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 605.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 1015.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.48 Gb Total Space | 7.27 Gb Free Space | 97.17% Space Free | Partition Type: NTFS

Computer Name: DAVIS-PC | User Name: Davis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 01:22:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
PRC - [2012/07/21 20:42:41 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/06/20 19:02:30 | 012,163,848 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/01 20:56:15 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Davis\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/07/08 18:53:24 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/18 12:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
PRC - [2010/01/18 12:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 15:03:44 | 000,571,392 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\pysqlite2._sqlite.pyd
MOD - [2012/07/30 15:03:44 | 000,263,168 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\win32com.shell.shell.pyd
MOD - [2012/07/30 15:03:44 | 000,096,256 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\win32api.pyd
MOD - [2012/07/30 15:03:44 | 000,086,016 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\_elementtree.pyd
MOD - [2012/07/30 15:03:44 | 000,070,656 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\wx._html2.pyd
MOD - [2012/07/30 15:03:44 | 000,040,448 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\_socket.pyd
MOD - [2012/07/30 15:03:44 | 000,011,776 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\win32crypt.pyd
MOD - [2012/07/30 15:03:43 | 001,169,408 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\wx._core_.pyd
MOD - [2012/07/30 15:03:43 | 001,018,368 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\windows._cacheinvalidation.pyd
MOD - [2012/07/30 15:03:43 | 000,807,424 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\wx._windows_.pyd
MOD - [2012/07/30 15:03:43 | 000,792,576 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\wx._gdi_.pyd
MOD - [2012/07/30 15:03:43 | 000,731,136 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\wx._misc_.pyd
MOD - [2012/07/30 15:03:43 | 000,645,120 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\_ssl.pyd
MOD - [2012/07/30 15:03:43 | 000,354,304 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\pythoncom26.dll
MOD - [2012/07/30 15:03:43 | 000,311,808 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\_hashlib.pyd
MOD - [2012/07/30 15:03:43 | 000,153,088 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\pyexpat.pyd
MOD - [2012/07/30 15:03:43 | 000,110,592 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\PyWinTypes26.dll
MOD - [2012/07/30 15:03:43 | 000,073,728 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\_ctypes.pyd
MOD - [2012/07/30 15:03:43 | 000,036,352 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\win32process.pyd
MOD - [2012/07/30 15:03:43 | 000,022,528 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\win32pdh.pyd
MOD - [2012/07/30 15:03:42 | 001,056,256 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\wx._controls_.pyd
MOD - [2012/07/30 15:03:42 | 000,585,728 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\unicodedata.pyd
MOD - [2012/07/30 15:03:42 | 000,121,856 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\wx._wizard.pyd
MOD - [2012/07/30 15:03:42 | 000,111,104 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\win32file.pyd
MOD - [2012/07/30 15:03:42 | 000,039,424 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\win32inet.pyd
MOD - [2012/07/30 15:03:42 | 000,017,920 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\win32event.pyd
MOD - [2012/07/30 15:03:42 | 000,011,776 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI10202\select.pyd
MOD - [2010/01/18 12:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
MOD - [2010/01/18 12:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
MOD - [2009/12/16 12:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/12/16 12:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
MOD - [2009/11/26 03:49:41 | 000,086,180 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/06/22 08:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 08:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 08:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 08:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 08:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 08:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 08:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 08:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 12:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
MOD - [2009/02/20 03:50:18 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsmr.dll
MOD - [2009/02/20 03:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/01/07 16:09:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device)
SRV:64bit: - [2010/01/07 16:09:33 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/18 22:53:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/08 18:53:24 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/01/07 16:09:33 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2010/01/07 16:09:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dleacoms.exe -- (dlea_device)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/30 01:54:51 | 000,029,000 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OlmarikFixer.sys -- (OlmarikFixer)
DRV:64bit: - [2012/05/11 10:41:34 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/01/20 21:49:04 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008/01/20 21:47:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\irsir.sys -- (irsir)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/03/12 04:11:00 | 000,320,512 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WUSB54GCx64.sys -- (netr7364)
DRV:64bit: - [2007/02/23 14:56:54 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV:64bit: - [2006/10/02 21:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Davis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/11/25 16:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 22:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 12:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/25 16:46:47 | 000,000,000 | ---D | M]

[2011/03/05 19:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davis\AppData\Roaming\Mozilla\Extensions
[2012/05/03 20:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions
[2011/03/08 19:45:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/12 15:02:31 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions\[email protected]
[2012/06/21 14:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/18 22:53:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/29 00:06:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/21 14:13:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/21 14:13:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Davis\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9827CD4C-F3B5-4EBE-8660-B764670D7EDD}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5C296B4-7A12-4D41-A4A9-C8EB44068A9E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B56CD4B2-F36F-46D7-8B86-F4F9121F4A94}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/27 08:57:55 | 000,221,184 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/11/08 16:14:07 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/12/25 17:37:16 | 000,005,022 | R--- | M] () - D:\autorun.ini -- [ CDFS ]
O32 - AutoRun File - [2011/07/14 12:36:25 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/08/19 13:05:30 | 000,000,054 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2003/02/04 15:14:13 | 000,000,183 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/04/10 04:44:31 | 000,000,077 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1c2db39c-479b-11e0-b8df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c2db39c-479b-11e0-b8df-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2006/11/27 08:57:55 | 000,221,184 | R--- | M] ()
O33 - MountPoints2\{355b33f5-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33f5-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/01/17 13:42:14 | 000,335,992 | R--- | M] (2K Sports)
O33 - MountPoints2\{355b33f9-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33f9-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011/09/02 19:29:01 | 000,217,256 | R--- | M] (2K Sports)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2003/02/04 15:22:15 | 002,392,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\directx\command - "" = G:\DIRECTX\DXSETUP.EXE -- [2003/02/04 15:14:37 | 000,461,824 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\setup\command - "" = G:\SETUP.EXE -- [2003/02/04 15:22:15 | 002,392,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fb-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33fb-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = H:\BvsC_Setup.exe -- [2011/04/10 04:27:11 | 955,210,224 | R--- | M] (Zuxxez Entertainment )
O33 - MountPoints2\{b3576a09-ea24-11e0-9d33-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{b3576a09-ea24-11e0-9d33-001fe25350c2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 17:16:33 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/30 15:01:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/30 14:02:35 | 001,438,391 | ---- | C] (Farbar) -- C:\Users\Davis\Desktop\FRST64.exe
[2012/07/30 13:44:52 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\Flash Drive Backup
[2012/07/30 12:57:11 | 000,306,999 | ---- | C] (Farbar) -- C:\Users\Davis\Desktop\ListParts.exe
[2012/07/30 12:45:41 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Davis\Desktop\tdsskiller.exe
[2012/07/30 01:54:51 | 000,029,000 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys
[2012/07/30 01:23:33 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
[2012/07/27 15:03:05 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\tobewavd
[2012/07/26 16:06:42 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\m01acutscenes
[2012/07/26 14:47:12 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\fontconfig
[2012/07/26 14:47:10 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\gegl-0.2
[2012/07/26 14:47:10 | 000,000,000 | ---D | C] -- C:\Users\Davis\.gimp-2.8
[2012/07/26 14:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP 2
[2012/07/26 14:31:15 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\UtfEditor
[2012/07/26 14:10:29 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\Goblin's Inferno
[2012/07/21 20:39:10 | 000,000,000 | --SD | C] -- C:\Users\Davis\Google Drive
[2012/07/21 20:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/07/21 20:37:27 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\Google
[2012/07/21 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/20 01:18:05 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\FL Tools
[2012/07/19 00:26:19 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\saves
[2012/07/16 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
[2012/07/16 21:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
[2012/07/16 17:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/07/10 00:12:58 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Age of Empires III Napoleonic Era
[2012/07/10 00:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III Napoleonic Era
[2012/07/10 00:12:26 | 001,113,600 | ---- | C] (©citybuilders®) -- C:\Windows\SysWow64\Age3NEUnInst.exe
[2012/07/09 02:46:55 | 000,034,688 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/07/09 02:46:54 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/07/09 02:46:54 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2012/07/09 02:46:48 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/07/09 02:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/07/09 02:44:21 | 001,236,992 | ---- | C] (crea-doo) -- C:\Users\Davis\Desktop\aoe3loader.exe
[2005/01/13 15:47:42 | 000,061,440 | ---- | C] (none) -- C:\Program Files (x86)\mdMod1.dll
[2004/07/28 19:43:27 | 000,024,576 | ---- | C] (none) -- C:\Program Files (x86)\EnDeCrypt.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/30 15:10:04 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 15:10:04 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 15:10:04 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 15:03:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 15:03:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 15:03:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 15:03:30 | 000,000,857 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2012/07/30 15:03:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 14:03:19 | 155,750,400 | ---- | M] () -- C:\Users\Davis\Desktop\RepairDiscWindowsVista64-bit.iso
[2012/07/30 13:54:27 | 001,438,391 | ---- | M] (Farbar) -- C:\Users\Davis\Desktop\FRST64.exe
[2012/07/30 13:52:40 | 000,621,056 | ---- | M] () -- C:\Users\Davis\Desktop\WiNToBootic.exe
[2012/07/30 13:47:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 12:56:47 | 000,306,999 | ---- | M] (Farbar) -- C:\Users\Davis\Desktop\ListParts.exe
[2012/07/30 12:42:40 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Davis\Desktop\tdsskiller.exe
[2012/07/30 01:54:51 | 000,029,000 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys
[2012/07/30 01:22:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
[2012/07/26 15:23:08 | 000,002,213 | ---- | M] () -- C:\Users\Davis\AppData\Local\recently-used.xbel
[2012/07/26 14:46:20 | 000,000,922 | ---- | M] () -- C:\Users\Davis\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012/07/26 14:14:09 | 000,008,704 | ---- | M] () -- C:\Users\Davis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/25 15:55:53 | 518,337,599 | ---- | M] () -- C:\Users\Davis\Desktop\Freelancer[Gob's Server 7-24-12].rar
[2012/07/22 01:17:29 | 000,008,756 | ---- | M] () -- C:\Users\Davis\Desktop\intro_waterplanet.thn.lua
[2012/07/21 20:39:11 | 000,001,504 | ---- | M] () -- C:\Users\Davis\Desktop\Google Drive.lnk
[2012/07/19 00:49:03 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2012/07/17 14:25:34 | 000,377,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 22:37:50 | 003,269,778 | ---- | M] () -- C:\Users\Davis\Desktop\EXE.rar
[2012/07/09 02:46:44 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/07/01 20:13:14 | 000,000,248 | ---- | M] () -- C:\Windows\w32demo8.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/30 14:03:35 | 155,750,400 | ---- | C] () -- C:\Users\Davis\Desktop\RepairDiscWindowsVista64-bit.iso
[2012/07/30 13:53:06 | 000,621,056 | ---- | C] () -- C:\Users\Davis\Desktop\WiNToBootic.exe
[2012/07/26 15:23:08 | 000,002,213 | ---- | C] () -- C:\Users\Davis\AppData\Local\recently-used.xbel
[2012/07/26 14:46:20 | 000,000,922 | ---- | C] () -- C:\Users\Davis\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012/07/25 15:23:34 | 518,337,599 | ---- | C] () -- C:\Users\Davis\Desktop\Freelancer[Gob's Server 7-24-12].rar
[2012/07/22 01:17:29 | 000,008,756 | ---- | C] () -- C:\Users\Davis\Desktop\intro_waterplanet.thn.lua
[2012/07/21 20:39:11 | 000,001,504 | ---- | C] () -- C:\Users\Davis\Desktop\Google Drive.lnk
[2012/07/21 20:37:32 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 20:37:31 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/19 00:49:03 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2012/07/12 22:33:48 | 003,269,778 | ---- | C] () -- C:\Users\Davis\Desktop\EXE.rar
[2012/07/09 02:46:42 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/07/01 20:12:47 | 000,000,248 | ---- | C] () -- C:\Windows\w32demo8.ini
[2012/06/26 00:15:59 | 005,309,465 | ---- | C] () -- C:\Users\Davis\DSCN1884.JPG
[2012/06/22 00:58:19 | 000,019,068 | ---- | C] () -- C:\Users\Davis\obviously.jpg
[2012/06/21 21:17:47 | 003,269,071 | ---- | C] () -- C:\Users\Davis\EXE.rar
[2012/06/12 17:56:03 | 000,004,246 | ---- | C] () -- C:\Users\Davis\account.jpg
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/22 16:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/11/25 00:58:35 | 000,001,164 | ---- | C] () -- C:\Windows\eReg.dat
[2011/09/27 22:25:22 | 000,008,704 | ---- | C] () -- C:\Users\Davis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 18:53:24 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2011/07/08 18:53:24 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2011/07/08 18:53:24 | 000,000,857 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2011/05/21 11:29:24 | 000,000,061 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/05/10 16:50:03 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/22 14:09:18 | 000,003,388 | ---- | C] () -- C:\Users\Davis\AppData\Roaming\glide_wrapper.zbag.ini
[2011/04/07 23:10:28 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2011/04/07 23:10:28 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2011/04/07 23:10:28 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2011/04/07 23:10:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2011/04/07 23:10:27 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2011/04/07 23:10:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2011/04/07 23:10:27 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2011/04/07 23:10:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2011/04/07 23:10:26 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2011/04/07 23:10:26 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2011/04/07 23:10:26 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2011/04/07 23:10:26 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2011/04/07 23:10:25 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2011/04/07 23:10:25 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2011/04/07 23:10:24 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2011/04/07 23:10:24 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2011/04/07 23:10:24 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2011/04/07 23:10:23 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2011/04/07 23:10:23 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2011/04/07 23:10:23 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2011/04/07 23:10:22 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2011/04/07 23:10:22 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2011/04/07 23:09:39 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2011/04/07 23:09:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2011/04/02 18:41:55 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/27 14:34:10 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2011/03/27 14:34:09 | 000,042,035 | ---- | C] () -- C:\Windows\unins000.dat
[2011/03/06 19:43:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/06 19:42:36 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/06 19:42:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/03/06 19:42:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/03/06 00:38:16 | 000,000,298 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/03/05 20:12:44 | 000,001,356 | ---- | C] () -- C:\Users\Davis\AppData\Local\d3d9caps.dat
[2011/03/05 19:48:52 | 000,000,732 | ---- | C] () -- C:\Users\Davis\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2012/04/04 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\2K Sports
[2012/07/30 15:04:44 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\BitTorrent
[2012/02/20 14:57:31 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/22 16:47:24 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Leadertech
[2011/07/16 21:57:23 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\LucasArts
[2011/07/02 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Out of the Park Developments
[2011/05/21 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\PopCapv1002
[2012/02/01 20:55:57 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\SanDisk
[2011/11/26 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\SystemRequirementsLab
[2012/04/13 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Vulture
[2012/07/30 15:02:38 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8776F88E

< End of report >

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the TDSSKiller log please so that I can ensure it has all gone?

#13
Broll


    Member

  • Topic Starter
  • Member
  • 11 posts
Ah, my apologies. Is there any way I can recover the old report?

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could re-run it please, but do not do any cure or delete actions.

#15
Broll


    Member

  • Topic Starter
  • Member
  • 11 posts
15:32:49.0270 2512 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:32:49.0804 2512 ============================================================
15:32:49.0804 2512 Current date / time: 2012/07/30 15:32:49.0804
15:32:49.0804 2512 SystemInfo:
15:32:49.0804 2512
15:32:49.0804 2512 OS Version: 6.0.6002 ServicePack: 2.0
15:32:49.0804 2512 Product type: Workstation
15:32:49.0804 2512 ComputerName: DAVIS-PC
15:32:49.0804 2512 UserName: Davis
15:32:49.0804 2512 Windows directory: C:\Windows
15:32:49.0804 2512 System windows directory: C:\Windows
15:32:49.0804 2512 Running under WOW64
15:32:49.0804 2512 Processor architecture: Intel x64
15:32:49.0804 2512 Number of processors: 2
15:32:49.0804 2512 Page size: 0x1000
15:32:49.0805 2512 Boot type: Normal boot
15:32:49.0805 2512 ============================================================
15:32:50.0796 2512 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:32:50.0801 2512 Drive \Device\Harddisk1\DR1 - Size: 0x1DE97FE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:32:50.0804 2512 ============================================================
15:32:50.0804 2512 \Device\Harddisk0\DR0:
15:32:50.0804 2512 MBR partitions:
15:32:50.0804 2512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
15:32:50.0804 2512 \Device\Harddisk1\DR1:
15:32:50.0804 2512 MBR partitions:
15:32:50.0804 2512 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x2C, BlocksNum 0xEF3FA4
15:32:50.0804 2512 ============================================================
15:32:50.0835 2512 C: <-> \Device\Harddisk0\DR0\Partition0
15:32:50.0835 2512 ============================================================
15:32:50.0835 2512 Initialize success
15:32:50.0835 2512 ============================================================
15:33:03.0770 1636 ============================================================
15:33:03.0770 1636 Scan started
15:33:03.0770 1636 Mode: Manual; SigCheck; TDLFS;
15:33:03.0770 1636 ============================================================
15:33:04.0243 1636 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:33:04.0329 1636 ACPI - ok
15:33:04.0459 1636 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:33:04.0469 1636 AdobeARMservice - ok
15:33:04.0535 1636 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:33:04.0553 1636 adp94xx - ok
15:33:04.0603 1636 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:33:04.0619 1636 adpahci - ok
15:33:04.0640 1636 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:33:04.0652 1636 adpu160m - ok
15:33:04.0674 1636 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:33:04.0687 1636 adpu320 - ok
15:33:04.0712 1636 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
15:33:04.0738 1636 AeLookupSvc - ok
15:33:04.0803 1636 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
15:33:04.0823 1636 AFD - ok
15:33:04.0835 1636 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:33:04.0848 1636 agp440 - ok
15:33:04.0867 1636 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:33:04.0880 1636 aic78xx - ok
15:33:04.0900 1636 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
15:33:04.0936 1636 ALG - ok
15:33:04.0957 1636 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:33:04.0968 1636 aliide - ok
15:33:04.0974 1636 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:33:04.0986 1636 amdide - ok
15:33:05.0003 1636 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:33:05.0038 1636 AmdK8 - ok
15:33:05.0076 1636 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
15:33:05.0089 1636 Appinfo - ok
15:33:05.0108 1636 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:33:05.0122 1636 arc - ok
15:33:05.0137 1636 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:33:05.0151 1636 arcsas - ok
15:33:05.0184 1636 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:33:05.0218 1636 AsyncMac - ok
15:33:05.0230 1636 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:33:05.0244 1636 atapi - ok
15:33:05.0295 1636 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:33:05.0326 1636 AudioEndpointBuilder - ok
15:33:05.0330 1636 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:33:05.0361 1636 AudioSrv - ok
15:33:05.0421 1636 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
15:33:05.0452 1636 BFE - ok
15:33:05.0517 1636 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
15:33:05.0560 1636 BITS - ok
15:33:05.0614 1636 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:33:05.0647 1636 blbdrive - ok
15:33:05.0681 1636 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:33:05.0696 1636 bowser - ok
15:33:05.0717 1636 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:33:05.0742 1636 BrFiltLo - ok
15:33:05.0759 1636 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:33:05.0784 1636 BrFiltUp - ok
15:33:05.0791 1636 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
15:33:05.0826 1636 Browser - ok
15:33:05.0839 1636 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:33:05.0891 1636 Brserid - ok
15:33:05.0903 1636 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:33:05.0948 1636 BrSerWdm - ok
15:33:05.0977 1636 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:33:06.0021 1636 BrUsbMdm - ok
15:33:06.0038 1636 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:33:06.0083 1636 BrUsbSer - ok
15:33:06.0105 1636 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:33:06.0150 1636 BTHMODEM - ok
15:33:06.0189 1636 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:33:06.0219 1636 cdfs - ok
15:33:06.0240 1636 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:33:06.0262 1636 cdrom - ok
15:33:06.0308 1636 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:33:06.0333 1636 CertPropSvc - ok
15:33:06.0361 1636 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:33:06.0395 1636 circlass - ok
15:33:06.0445 1636 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:33:06.0464 1636 CLFS - ok
15:33:06.0524 1636 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:33:06.0536 1636 clr_optimization_v2.0.50727_32 - ok
15:33:06.0558 1636 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:33:06.0570 1636 clr_optimization_v2.0.50727_64 - ok
15:33:06.0588 1636 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:33:06.0600 1636 cmdide - ok
15:33:06.0615 1636 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
15:33:06.0627 1636 Compbatt - ok
15:33:06.0629 1636 COMSysApp - ok
15:33:06.0634 1636 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:33:06.0647 1636 crcdisk - ok
15:33:06.0693 1636 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
15:33:06.0708 1636 CryptSvc - ok
15:33:06.0766 1636 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:33:06.0802 1636 DcomLaunch - ok
15:33:06.0824 1636 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:33:06.0837 1636 DfsC - ok
15:33:07.0013 1636 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
15:33:07.0104 1636 DFSR - ok
15:33:07.0203 1636 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
15:33:07.0231 1636 Dhcp - ok
15:33:07.0294 1636 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:33:07.0309 1636 disk - ok
15:33:07.0364 1636 dleaCATSCustConnectService (e0d525515537e60aba8f3e29209f02e8) C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
15:33:07.0373 1636 dleaCATSCustConnectService - ok
15:33:07.0375 1636 dlea_device - ok
15:33:07.0429 1636 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
15:33:07.0444 1636 Dnscache - ok
15:33:07.0465 1636 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
15:33:07.0494 1636 dot3svc - ok
15:33:07.0541 1636 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
15:33:07.0577 1636 DPS - ok
15:33:07.0612 1636 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:33:07.0637 1636 drmkaud - ok
15:33:07.0717 1636 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
15:33:07.0746 1636 DXGKrnl - ok
15:33:07.0788 1636 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:33:07.0825 1636 E1G60 - ok
15:33:07.0871 1636 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
15:33:07.0890 1636 eamonm - ok
15:33:07.0927 1636 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
15:33:07.0953 1636 EapHost - ok
15:33:07.0983 1636 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:33:07.0998 1636 Ecache - ok
15:33:08.0006 1636 efavdrv - ok
15:33:08.0029 1636 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
15:33:08.0040 1636 ehdrv - ok
15:33:08.0080 1636 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
15:33:08.0097 1636 ehRecvr - ok
15:33:08.0105 1636 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
15:33:08.0119 1636 ehSched - ok
15:33:08.0131 1636 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
15:33:08.0144 1636 ehstart - ok
15:33:08.0228 1636 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
15:33:08.0256 1636 ekrn - ok
15:33:08.0343 1636 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:33:08.0363 1636 elxstor - ok
15:33:08.0421 1636 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
15:33:08.0442 1636 EMDMgmt - ok
15:33:08.0460 1636 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
15:33:08.0472 1636 epfwwfpr - ok
15:33:08.0484 1636 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
15:33:08.0518 1636 ErrDev - ok
15:33:08.0548 1636 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
15:33:08.0578 1636 EventSystem - ok
15:33:08.0601 1636 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:33:08.0616 1636 exfat - ok
15:33:08.0652 1636 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:33:08.0678 1636 fastfat - ok
15:33:08.0687 1636 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:33:08.0722 1636 fdc - ok
15:33:08.0725 1636 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
15:33:08.0759 1636 fdPHost - ok
15:33:08.0768 1636 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
15:33:08.0821 1636 FDResPub - ok
15:33:08.0833 1636 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:33:08.0845 1636 FileInfo - ok
15:33:08.0859 1636 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:33:08.0887 1636 Filetrace - ok
15:33:08.0897 1636 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:33:08.0926 1636 flpydisk - ok
15:33:08.0948 1636 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:33:08.0962 1636 FltMgr - ok
15:33:09.0059 1636 FontCache (fdf5f06efc8f98bac5fe8b216f93aa5e) C:\Windows\system32\FntCache.dll
15:33:09.0085 1636 FontCache - ok
15:33:09.0154 1636 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:33:09.0162 1636 FontCache3.0.0.0 - ok
15:33:09.0209 1636 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
15:33:09.0221 1636 Fs_Rec - ok
15:33:09.0243 1636 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:33:09.0257 1636 gagp30kx - ok
15:33:09.0311 1636 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
15:33:09.0366 1636 gpsvc - ok
15:33:09.0426 1636 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:33:09.0437 1636 gupdate - ok
15:33:09.0440 1636 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:33:09.0450 1636 gupdatem - ok
15:33:09.0515 1636 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
15:33:09.0532 1636 HdAudAddService - ok
15:33:09.0600 1636 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:33:09.0638 1636 HDAudBus - ok
15:33:09.0650 1636 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:33:09.0702 1636 HidBth - ok
15:33:09.0716 1636 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:33:09.0768 1636 HidIr - ok
15:33:09.0771 1636 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
15:33:09.0797 1636 hidserv - ok
15:33:09.0800 1636 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:33:09.0826 1636 HidUsb - ok
15:33:09.0831 1636 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
15:33:09.0863 1636 hkmsvc - ok
15:33:09.0893 1636 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:33:09.0905 1636 HpCISSs - ok
15:33:09.0953 1636 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:33:09.0974 1636 HTTP - ok
15:33:09.0999 1636 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:33:10.0010 1636 i2omp - ok
15:33:10.0032 1636 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:33:10.0055 1636 i8042prt - ok
15:33:10.0091 1636 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:33:10.0105 1636 iaStorV - ok
15:33:10.0191 1636 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:33:10.0214 1636 idsvc - ok
15:33:10.0249 1636 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:33:10.0261 1636 iirsp - ok
15:33:10.0298 1636 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
15:33:10.0329 1636 IKEEXT - ok
15:33:10.0486 1636 IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys
15:33:10.0571 1636 IntcAzAudAddService - ok
15:33:10.0652 1636 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:33:10.0664 1636 intelide - ok
15:33:10.0668 1636 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:33:10.0703 1636 intelppm - ok
15:33:10.0720 1636 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
15:33:10.0755 1636 IPBusEnum - ok
15:33:10.0784 1636 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:33:10.0810 1636 IpFilterDriver - ok
15:33:10.0857 1636 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
15:33:10.0872 1636 iphlpsvc - ok
15:33:10.0875 1636 IpInIp - ok
15:33:10.0907 1636 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:33:10.0942 1636 IPMIDRV - ok
15:33:10.0970 1636 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:33:11.0004 1636 IPNAT - ok
15:33:11.0030 1636 irda (86583188c7157ffda249529423fc3e6f) C:\Windows\system32\DRIVERS\irda.sys
15:33:11.0066 1636 irda - ok
15:33:11.0069 1636 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:33:11.0103 1636 IRENUM - ok
15:33:11.0106 1636 Irmon (b78af3c5820c0ac3183549ef8c671e67) C:\Windows\System32\irmon.dll
15:33:11.0155 1636 Irmon - ok
15:33:11.0164 1636 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
15:33:11.0194 1636 irsir - ok
15:33:11.0223 1636 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:33:11.0234 1636 isapnp - ok
15:33:11.0293 1636 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:33:11.0307 1636 iScsiPrt - ok
15:33:11.0330 1636 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:33:11.0341 1636 iteatapi - ok
15:33:11.0369 1636 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:33:11.0379 1636 iteraid - ok
15:33:11.0397 1636 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:33:11.0408 1636 kbdclass - ok
15:33:11.0444 1636 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
15:33:11.0466 1636 kbdhid - ok
15:33:11.0485 1636 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:33:11.0497 1636 KeyIso - ok
15:33:11.0545 1636 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
15:33:11.0567 1636 KSecDD - ok
15:33:11.0570 1636 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:33:11.0605 1636 ksthunk - ok
15:33:11.0646 1636 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
15:33:11.0686 1636 KtmRm - ok
15:33:11.0714 1636 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
15:33:11.0731 1636 LanmanServer - ok
15:33:11.0769 1636 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
15:33:11.0785 1636 LanmanWorkstation - ok
15:33:11.0825 1636 LicCtrlService (29fab5363138f6e322f4cd780ed9d337) C:\Windows\runservice.exe
15:33:11.0829 1636 LicCtrlService ( UnsignedFile.Multi.Generic ) - warning
15:33:11.0829 1636 LicCtrlService - detected UnsignedFile.Multi.Generic (1)
15:33:11.0850 1636 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:33:11.0884 1636 lltdio - ok
15:33:11.0918 1636 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
15:33:11.0956 1636 lltdsvc - ok
15:33:11.0959 1636 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
15:33:11.0994 1636 lmhosts - ok
15:33:12.0055 1636 LMIInfo - ok
15:33:12.0084 1636 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
15:33:12.0094 1636 lmimirr - ok
15:33:12.0111 1636 LMIRfsClientNP - ok
15:33:12.0147 1636 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
15:33:12.0156 1636 LMIRfsDriver - ok
15:33:12.0186 1636 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:33:12.0199 1636 LSI_FC - ok
15:33:12.0217 1636 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:33:12.0231 1636 LSI_SAS - ok
15:33:12.0237 1636 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:33:12.0251 1636 LSI_SCSI - ok
15:33:12.0258 1636 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:33:12.0293 1636 luafv - ok
15:33:12.0351 1636 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
15:33:12.0367 1636 mcdbus - ok
15:33:12.0397 1636 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
15:33:12.0410 1636 Mcx2Svc - ok
15:33:12.0470 1636 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:33:12.0478 1636 MDM ( UnsignedFile.Multi.Generic ) - warning
15:33:12.0479 1636 MDM - detected UnsignedFile.Multi.Generic (1)
15:33:12.0499 1636 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:33:12.0514 1636 megasas - ok
15:33:12.0547 1636 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:33:12.0566 1636 MegaSR - ok
15:33:12.0616 1636 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:33:12.0652 1636 MMCSS - ok
15:33:12.0674 1636 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:33:12.0708 1636 Modem - ok
15:33:12.0713 1636 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:33:12.0748 1636 monitor - ok
15:33:12.0752 1636 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:33:12.0765 1636 mouclass - ok
15:33:12.0797 1636 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:33:12.0831 1636 mouhid - ok
15:33:12.0836 1636 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:33:12.0850 1636 MountMgr - ok
15:33:12.0981 1636 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:33:12.0994 1636 MozillaMaintenance - ok
15:33:13.0032 1636 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:33:13.0047 1636 mpio - ok
15:33:13.0074 1636 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:33:13.0100 1636 mpsdrv - ok
15:33:13.0174 1636 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
15:33:13.0208 1636 MpsSvc - ok
15:33:13.0245 1636 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:33:13.0258 1636 Mraid35x - ok
15:33:13.0270 1636 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:33:13.0285 1636 MRxDAV - ok
15:33:13.0309 1636 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:33:13.0322 1636 mrxsmb - ok
15:33:13.0362 1636 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:33:13.0378 1636 mrxsmb10 - ok
15:33:13.0385 1636 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:33:13.0398 1636 mrxsmb20 - ok
15:33:13.0421 1636 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
15:33:13.0434 1636 msahci - ok
15:33:13.0452 1636 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:33:13.0466 1636 msdsm - ok
15:33:13.0490 1636 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
15:33:13.0526 1636 MSDTC - ok
15:33:13.0565 1636 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:33:13.0600 1636 Msfs - ok
15:33:13.0610 1636 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:33:13.0623 1636 msisadrv - ok
15:33:13.0652 1636 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
15:33:13.0688 1636 MSiSCSI - ok
15:33:13.0690 1636 msiserver - ok
15:33:13.0714 1636 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:33:13.0747 1636 MSKSSRV - ok
15:33:13.0761 1636 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:33:13.0795 1636 MSPCLOCK - ok
15:33:13.0808 1636 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:33:13.0842 1636 MSPQM - ok
15:33:13.0867 1636 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:33:13.0883 1636 MsRPC - ok
15:33:13.0888 1636 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:33:13.0898 1636 mssmbios - ok
15:33:13.0911 1636 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:33:13.0940 1636 MSTEE - ok
15:33:13.0945 1636 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:33:13.0958 1636 Mup - ok
15:33:13.0988 1636 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
15:33:14.0016 1636 napagent - ok
15:33:14.0060 1636 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:33:14.0073 1636 NativeWifiP - ok
15:33:14.0125 1636 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:33:14.0148 1636 NDIS - ok
15:33:14.0195 1636 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:33:14.0217 1636 NdisTapi - ok
15:33:14.0220 1636 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:33:14.0250 1636 Ndisuio - ok
15:33:14.0277 1636 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:33:14.0304 1636 NdisWan - ok
15:33:14.0314 1636 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:33:14.0340 1636 NDProxy - ok
15:33:14.0345 1636 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:33:14.0376 1636 NetBIOS - ok
15:33:14.0392 1636 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:33:14.0415 1636 netbt - ok
15:33:14.0428 1636 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:33:14.0440 1636 Netlogon - ok
15:33:14.0471 1636 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:33:14.0505 1636 Netman - ok
15:33:14.0530 1636 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:33:14.0562 1636 netprofm - ok
15:33:14.0616 1636 netr7364 (4d457321124ef6031875da01e9c402b3) C:\Windows\system32\DRIVERS\WUSB54GCx64.sys
15:33:14.0629 1636 netr7364 - ok
15:33:14.0663 1636 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:33:14.0673 1636 NetTcpPortSharing - ok
15:33:14.0688 1636 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:33:14.0699 1636 nfrd960 - ok
15:33:14.0727 1636 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:33:14.0760 1636 NlaSvc - ok
15:33:14.0800 1636 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
15:33:14.0811 1636 NPF - ok
15:33:14.0815 1636 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:33:14.0841 1636 Npfs - ok
15:33:14.0849 1636 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:33:14.0884 1636 nsi - ok
15:33:14.0890 1636 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:33:14.0924 1636 nsiproxy - ok
15:33:14.0999 1636 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:33:15.0043 1636 Ntfs - ok
15:33:15.0124 1636 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:33:15.0159 1636 Null - ok
15:33:15.0220 1636 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
15:33:15.0234 1636 NVHDA - ok
15:33:15.0681 1636 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:33:16.0093 1636 nvlddmkm - ok
15:33:16.0148 1636 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:33:16.0161 1636 nvraid - ok
15:33:16.0184 1636 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:33:16.0196 1636 nvstor - ok
15:33:16.0273 1636 NVSvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
15:33:16.0303 1636 NVSvc - ok
15:33:16.0427 1636 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:33:16.0462 1636 nvUpdatusService - ok
15:33:16.0516 1636 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:33:16.0531 1636 nv_agp - ok
15:33:16.0533 1636 NwlnkFlt - ok
15:33:16.0537 1636 NwlnkFwd - ok
15:33:16.0604 1636 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:33:16.0623 1636 odserv - ok
15:33:16.0672 1636 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:33:16.0697 1636 ohci1394 - ok
15:33:16.0721 1636 OlmarikFixer (549e48ce8281bcda6e20fd0e6b85bd53) C:\Windows\system32\drivers\OlmarikFixer.sys
15:33:16.0730 1636 OlmarikFixer - ok
15:33:16.0755 1636 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:33:16.0767 1636 ose - ok
15:33:16.0829 1636 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:33:16.0854 1636 p2pimsvc - ok
15:33:16.0861 1636 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:33:16.0887 1636 p2psvc - ok
15:33:16.0923 1636 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:33:16.0976 1636 Parport - ok
15:33:17.0007 1636 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
15:33:17.0020 1636 partmgr - ok
15:33:17.0042 1636 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:33:17.0058 1636 PcaSvc - ok
15:33:17.0078 1636 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:33:17.0094 1636 pci - ok
15:33:17.0110 1636 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
15:33:17.0124 1636 pciide - ok
15:33:17.0151 1636 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:33:17.0165 1636 pcmcia - ok
15:33:17.0214 1636 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:33:17.0277 1636 PEAUTH - ok
15:33:17.0338 1636 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:33:17.0372 1636 PerfHost - ok
15:33:17.0433 1636 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:33:17.0479 1636 pla - ok
15:33:17.0516 1636 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:33:17.0547 1636 PlugPlay - ok
15:33:17.0583 1636 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:33:17.0607 1636 PNRPAutoReg - ok
15:33:17.0615 1636 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:33:17.0640 1636 PNRPsvc - ok
15:33:17.0682 1636 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:33:17.0725 1636 PolicyAgent - ok
15:33:17.0757 1636 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:33:17.0782 1636 PptpMiniport - ok
15:33:17.0803 1636 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:33:17.0839 1636 Processor - ok
15:33:17.0869 1636 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:33:17.0896 1636 ProfSvc - ok
15:33:17.0918 1636 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:33:17.0931 1636 ProtectedStorage - ok
15:33:17.0942 1636 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:33:17.0968 1636 PSched - ok
15:33:18.0030 1636 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:33:18.0066 1636 ql2300 - ok
15:33:18.0101 1636 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:33:18.0114 1636 ql40xx - ok
15:33:18.0128 1636 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:33:18.0145 1636 QWAVE - ok
15:33:18.0162 1636 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:33:18.0176 1636 QWAVEdrv - ok
15:33:18.0190 1636 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:33:18.0224 1636 RasAcd - ok
15:33:18.0234 1636 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:33:18.0270 1636 RasAuto - ok
15:33:18.0291 1636 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:33:18.0318 1636 Rasl2tp - ok
15:33:18.0338 1636 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:33:18.0369 1636 RasMan - ok
15:33:18.0382 1636 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:33:18.0405 1636 RasPppoe - ok
15:33:18.0422 1636 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:33:18.0434 1636 RasSstp - ok
15:33:18.0447 1636 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:33:18.0471 1636 rdbss - ok
15:33:18.0487 1636 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:33:18.0519 1636 RDPCDD - ok
15:33:18.0554 1636 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:33:18.0586 1636 rdpdr - ok
15:33:18.0590 1636 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:33:18.0615 1636 RDPENCDD - ok
15:33:18.0663 1636 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
15:33:18.0674 1636 RDPWD - ok
15:33:18.0706 1636 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:33:18.0733 1636 RemoteAccess - ok
15:33:18.0751 1636 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:33:18.0772 1636 RemoteRegistry - ok
15:33:18.0830 1636 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe
15:33:18.0838 1636 rpcapd - ok
15:33:18.0868 1636 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:33:18.0879 1636 RpcLocator - ok
15:33:18.0939 1636 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:33:18.0968 1636 RpcSs - ok
15:33:18.0999 1636 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:33:19.0028 1636 rspndr - ok
15:33:19.0072 1636 RTL8169 (c6701c5f6781d7ded9208a4d554ac37b) C:\Windows\system32\DRIVERS\Rtlh64.sys
15:33:19.0121 1636 RTL8169 - ok
15:33:19.0125 1636 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:33:19.0139 1636 SamSs - ok
15:33:19.0160 1636 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:33:19.0172 1636 sbp2port - ok
15:33:19.0197 1636 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:33:19.0222 1636 SCardSvr - ok
15:33:19.0275 1636 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:33:19.0298 1636 Schedule - ok
15:33:19.0316 1636 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:33:19.0339 1636 SCPolicySvc - ok
15:33:19.0345 1636 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:33:19.0360 1636 SDRSVC - ok
15:33:19.0381 1636 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:33:19.0433 1636 secdrv - ok
15:33:19.0437 1636 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:33:19.0474 1636 seclogon - ok
15:33:19.0484 1636 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
15:33:19.0520 1636 SENS - ok
15:33:19.0528 1636 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
15:33:19.0565 1636 Serenum - ok
15:33:19.0587 1636 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
15:33:19.0622 1636 Serial - ok
15:33:19.0638 1636 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:33:19.0672 1636 sermouse - ok
15:33:19.0697 1636 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:33:19.0734 1636 SessionEnv - ok
15:33:19.0745 1636 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:33:19.0779 1636 sffdisk - ok
15:33:19.0796 1636 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:33:19.0828 1636 sffp_mmc - ok
15:33:19.0843 1636 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:33:19.0874 1636 sffp_sd - ok
15:33:19.0926 1636 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:33:19.0973 1636 sfloppy - ok
15:33:20.0015 1636 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
15:33:20.0052 1636 SharedAccess - ok
15:33:20.0100 1636 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:33:20.0116 1636 ShellHWDetection - ok
15:33:20.0144 1636 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:33:20.0156 1636 SiSRaid2 - ok
15:33:20.0179 1636 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:33:20.0191 1636 SiSRaid4 - ok
15:33:20.0281 1636 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:33:20.0366 1636 slsvc - ok
15:33:20.0429 1636 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:33:20.0458 1636 SLUINotify - ok
15:33:20.0469 1636 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:33:20.0496 1636 Smb - ok
15:33:20.0501 1636 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:33:20.0516 1636 SNMPTRAP - ok
15:33:20.0532 1636 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:33:20.0545 1636 spldr - ok
15:33:20.0580 1636 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:33:20.0597 1636 Spooler - ok
15:33:20.0659 1636 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:33:20.0678 1636 srv - ok
15:33:20.0728 1636 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:33:20.0743 1636 srv2 - ok
15:33:20.0775 1636 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:33:20.0790 1636 srvnet - ok
15:33:20.0821 1636 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:33:20.0859 1636 SSDPSRV - ok
15:33:20.0902 1636 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:33:20.0918 1636 SstpSvc - ok
15:33:20.0946 1636 Steam Client Service - ok
15:33:21.0017 1636 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:33:21.0035 1636 Stereo Service - ok
15:33:21.0091 1636 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:33:21.0116 1636 stisvc - ok
15:33:21.0176 1636 StMp3Recx64 (63b2818651f111b08288b8ab7d2debf6) C:\Windows\system32\Drivers\StMp3Recx64.sys
15:33:21.0187 1636 StMp3Recx64 - ok
15:33:21.0206 1636 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:33:21.0217 1636 swenum - ok
15:33:21.0261 1636 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:33:21.0297 1636 swprv - ok
15:33:21.0327 1636 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:33:21.0340 1636 Symc8xx - ok
15:33:21.0355 1636 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:33:21.0370 1636 Sym_hi - ok
15:33:21.0391 1636 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:33:21.0405 1636 Sym_u3 - ok
15:33:21.0475 1636 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:33:21.0515 1636 SysMain - ok
15:33:21.0537 1636 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:33:21.0553 1636 TabletInputService - ok
15:33:21.0580 1636 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:33:21.0606 1636 TapiSrv - ok
15:33:21.0624 1636 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:33:21.0655 1636 TBS - ok
15:33:21.0746 1636 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
15:33:21.0780 1636 Tcpip - ok
15:33:21.0899 1636 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
15:33:21.0931 1636 Tcpip6 - ok
15:33:22.0013 1636 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:33:22.0022 1636 tcpipreg - ok
15:33:22.0036 1636 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:33:22.0060 1636 TDPIPE - ok
15:33:22.0075 1636 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:33:22.0099 1636 TDTCP - ok
15:33:22.0122 1636 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:33:22.0140 1636 tdx - ok
15:33:22.0156 1636 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:33:22.0165 1636 TermDD - ok
15:33:22.0206 1636 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:33:22.0234 1636 TermService - ok
15:33:22.0282 1636 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:33:22.0293 1636 Themes - ok
15:33:22.0316 1636 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:33:22.0343 1636 THREADORDER - ok
15:33:22.0354 1636 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:33:22.0382 1636 TrkWks - ok
15:33:22.0405 1636 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:33:22.0425 1636 TrustedInstaller - ok
15:33:22.0437 1636 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:33:22.0466 1636 tssecsrv - ok
15:33:22.0469 1636 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:33:22.0483 1636 tunmp - ok
15:33:22.0514 1636 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:33:22.0524 1636 tunnel - ok
15:33:22.0548 1636 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:33:22.0558 1636 uagp35 - ok
15:33:22.0600 1636 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:33:22.0622 1636 udfs - ok
15:33:22.0629 1636 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:33:22.0658 1636 UI0Detect - ok
15:33:22.0682 1636 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:33:22.0693 1636 uliagpkx - ok
15:33:22.0723 1636 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:33:22.0735 1636 uliahci - ok
15:33:22.0757 1636 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:33:22.0766 1636 UlSata - ok
15:33:22.0784 1636 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:33:22.0792 1636 ulsata2 - ok
15:33:22.0822 1636 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:33:22.0846 1636 umbus - ok
15:33:22.0870 1636 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:33:22.0897 1636 upnphost - ok
15:33:22.0938 1636 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:33:22.0956 1636 usbccgp - ok
15:33:22.0975 1636 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:33:23.0012 1636 usbcir - ok
15:33:23.0044 1636 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:33:23.0064 1636 usbehci - ok
15:33:23.0076 1636 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:33:23.0096 1636 usbhub - ok
15:33:23.0115 1636 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:33:23.0156 1636 usbohci - ok
15:33:23.0172 1636 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:33:23.0200 1636 usbprint - ok
15:33:23.0237 1636 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:33:23.0256 1636 usbscan - ok
15:33:23.0288 1636 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:33:23.0312 1636 USBSTOR - ok
15:33:23.0318 1636 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:33:23.0336 1636 usbuhci - ok
15:33:23.0340 1636 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:33:23.0361 1636 UxSms - ok
15:33:23.0405 1636 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:33:23.0428 1636 vds - ok
15:33:23.0445 1636 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:33:23.0469 1636 vga - ok
15:33:23.0482 1636 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:33:23.0507 1636 VgaSave - ok
15:33:23.0536 1636 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:33:23.0544 1636 viaide - ok
15:33:23.0549 1636 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:33:23.0560 1636 volmgr - ok
15:33:23.0601 1636 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:33:23.0619 1636 volmgrx - ok
15:33:23.0660 1636 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:33:23.0673 1636 volsnap - ok
15:33:23.0708 1636 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:33:23.0718 1636 vsmraid - ok
15:33:23.0779 1636 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:33:23.0817 1636 VSS - ok
15:33:23.0928 1636 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:33:23.0954 1636 W32Time - ok
15:33:23.0990 1636 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:33:24.0034 1636 WacomPen - ok
15:33:24.0058 1636 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:33:24.0079 1636 Wanarp - ok
15:33:24.0081 1636 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:33:24.0101 1636 Wanarpv6 - ok
15:33:24.0135 1636 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:33:24.0155 1636 wcncsvc - ok
15:33:24.0191 1636 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:33:24.0211 1636 WcsPlugInService - ok
15:33:24.0235 1636 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:33:24.0244 1636 Wd - ok
15:33:24.0281 1636 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:33:24.0305 1636 Wdf01000 - ok
15:33:24.0341 1636 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:33:24.0373 1636 WdiServiceHost - ok
15:33:24.0375 1636 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:33:24.0408 1636 WdiSystemHost - ok
15:33:24.0425 1636 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:33:24.0443 1636 WebClient - ok
15:33:24.0488 1636 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:33:24.0502 1636 Wecsvc - ok
15:33:24.0520 1636 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:33:24.0545 1636 wercplsupport - ok
15:33:24.0555 1636 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:33:24.0580 1636 WerSvc - ok
15:33:24.0589 1636 WinDefend - ok
15:33:24.0593 1636 WinHttpAutoProxySvc - ok
15:33:24.0622 1636 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:33:24.0651 1636 Winmgmt - ok
15:33:24.0765 1636 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:33:24.0815 1636 WinRM - ok
15:33:24.0898 1636 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:33:24.0920 1636 Wlansvc - ok
15:33:24.0939 1636 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
15:33:24.0958 1636 WmiAcpi - ok
15:33:24.0971 1636 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
15:33:24.0992 1636 wmiApSrv - ok
15:33:25.0010 1636 WMPNetworkSvc - ok
15:33:25.0039 1636 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:33:25.0051 1636 WPCSvc - ok
15:33:25.0098 1636 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
15:33:25.0110 1636 WPDBusEnum - ok
15:33:25.0159 1636 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:33:25.0169 1636 WpdUsb - ok
15:33:25.0194 1636 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:33:25.0217 1636 ws2ifsl - ok
15:33:25.0252 1636 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
15:33:25.0265 1636 wscsvc - ok
15:33:25.0296 1636 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:33:25.0314 1636 WSDPrintDevice - ok
15:33:25.0317 1636 WSearch - ok
15:33:25.0437 1636 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:33:25.0513 1636 wuauserv - ok
15:33:25.0572 1636 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:33:25.0599 1636 WUDFRd - ok
15:33:25.0611 1636 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:33:25.0638 1636 wudfsvc - ok
15:33:25.0653 1636 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:33:25.0872 1636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:33:25.0872 1636 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:33:25.0875 1636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:33:26.0426 1636 \Device\Harddisk1\DR1 - ok
15:33:26.0429 1636 Boot (0x1200) (c1bd420b7afb25289665843d7bb8f0d5) \Device\Harddisk0\DR0\Partition0
15:33:26.0430 1636 \Device\Harddisk0\DR0\Partition0 - ok
15:33:26.0433 1636 Boot (0x1200) (aa4101bb5cce97200f7d825f0a1faa86) \Device\Harddisk1\DR1\Partition0
15:33:26.0436 1636 \Device\Harddisk1\DR1\Partition0 - ok
15:33:26.0436 1636 ============================================================
15:33:26.0436 1636 Scan finished
15:33:26.0436 1636 ============================================================
15:33:26.0444 2548 Detected object count: 3
15:33:26.0444 2548 Actual detected object count: 3
15:34:02.0970 2548 LicCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:02.0970 2548 LicCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:02.0971 2548 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:02.0971 2548 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:02.0972 2548 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:34:02.0972 2548 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip