Trojan.Bitminer [Solved]


  • This topic is locked

#1
Adam2013

    Member

  • 10 posts
Recently I downloaded a .exe which seemed to be safe but in fact infected my PC with a Trojan.Bitminer and knocked out my Windows Firewall as well as making my graphics card go to temperatures of 81c.

After much struggle I got my Windows Firewall back up and got Malwarebytes to find and quarantine it. I keep trying to remove it and Malwarebytes asks me to restart my PC and every time I do all I get is Malwarebytes saying it's blocked it again.

For this reason I thought it might be an injector so I backed up and went through my registry looking for the code and found nothing.

I then went to the internet and found a post similar to mine on this forum but the person's Malwarebytes seemed to remove theirs first time. As I cannot find any other thread with this virus I'm asking for your help :)

I will attach a DDS file because I saw in the other thread he required this along with a log from Malwarebytes.

This is the Malwarebytes log:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

18/02/2013 13:48:16
MBAM-log-2013-02-18 (14-01-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209655
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\User\Local Settings\Temporary Internet Files\Content.IE5\T6RBMKFU\svchost[1].exe (Trojan.Bitminer) -> No action taken.

(end)
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's have a quick look-see

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0
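
An added example, not part of the thread and not OTL's own code: a small Python triage over entry lines in the OTL.Txt layout (PRC/MOD/SRV/DRV) that the scan above produces. The sample lines are constructed, and the two heuristics (no company name on a file in a temp or browser-cache directory; a file named like one of the system binaries in the custom scan list but stored outside C:\Windows) are assumptions for illustration, not rules stated by anyone in the thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Entry layout as seen in OTL.Txt:
# KIND - [date time | size | attrs | M] (Company) [state] -- path -- (service)
# The [state] and (service) parts only appear on SRV/DRV lines.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| M\]\s+"
    r"\((?P<company>.*?)\)\s+"
    r"(?:\[(?P<state>[^\]]*)\]\s+)?"
    r"--\s+(?P<path>.+?)(?:\s+--\s+\((?P<service>.*)\))?$"
)

# File names taken from the /md5start ... /md5stop list in the custom scan.
SYSTEM_NAMES = {"services.exe", "explorer.exe", "winlogon.exe",
                "userinit.exe", "svchost.exe"}
SYSTEM_ROOT = "c:\\windows\\"  # %SystemRoot% as reported in the OTL header
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")  # assumed heuristic


class Entry(NamedTuple):
    kind: str
    company: str
    path: str
    service: Optional[str]
    size: int


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["kind"], m["company"].strip(), m["path"].strip(),
                 m["service"], int(m["size"].replace(",", "")))


def triage(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    low = entry.path.lower()
    if not entry.company and any(marker in low for marker in TEMP_MARKERS):
        reasons.append("no-company-in-temp")
    # Browser caches rename downloads, e.g. svchost[1].exe; drop the "[n]".
    name = re.sub(r"\[\d+\](?=\.[^.]+$)", "", ntpath.basename(low))
    if name in SYSTEM_NAMES and not low.startswith(SYSTEM_ROOT):
        reasons.append("system-name-outside-windows")
    return reasons


def scan_log(text: str) -> List[Tuple[Entry, List[str]]]:
    """Run triage over every parseable line of a log and keep the hits."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


# Constructed sample lines in the OTL.Txt layout (not taken from the thread).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2013/02/18 15:05:47 | 000,602,112 | ---- | M] (Example Vendor (www.example.com)) -- C:\Program Files (x86)\Example\tool.exe
PRC - [2013/02/18 14:00:00 | 000,120,000 | ---- | M] () -- C:\Users\User\AppData\Roaming\svchost.exe
MOD - [2013/02/18 14:08:13 | 000,192,512 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\example00001.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Example\plugin.dll
SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (Example Corp) [Auto | Running] -- C:\Windows\SysNative\examplesvc.exe -- (Example Events Utility)
DRV:64bit: - [2009/07/14 01:52:20 | 000,027,008 | ---- | M] (Example Corp) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\example.sys -- (example)
"""

if __name__ == "__main__":
    for entry, reasons in scan_log(SAMPLE_LOG):
        print(f"{entry.kind} {entry.path}: {', '.join(reasons)}")
```

A hit is a prompt to hash the file and check its origin, not a verdict: legitimate software also unpacks unsigned modules into Temp.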

#3
Adam2013

    Member

  • Topic Starter
  • 10 posts
Here are the logs you requested. Also thank you for replying :)

OTL.txt:
OTL logfile created on: 18/02/2013 15:08:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.96 Gb Total Physical Memory | 12.76 Gb Available Physical Memory | 79.94% Memory free
31.92 Gb Paging File | 28.32 Gb Available in Paging File | 88.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1027.00 Gb Free Space | 55.13% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 15:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013/02/15 00:39:10 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/12/24 22:50:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccsvchst.exe
PRC - [2012/10/15 20:27:56 | 000,108,544 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2012/09/12 07:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2012/01/05 11:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/11/08 06:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
PRC - [2010/06/28 09:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
PRC - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/18 14:08:13 | 000,192,512 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013/02/18 14:08:13 | 000,158,720 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\sfareca00001.dll
MOD - [2013/02/13 00:34:42 | 012,638,576 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:19 | 000,597,968 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 02:34:18 | 000,124,368 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2012/10/15 20:28:38 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2012/10/15 20:28:36 | 011,998,208 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2012/10/15 20:28:30 | 000,386,560 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2012/10/15 20:28:30 | 000,185,856 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2012/10/15 20:28:30 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2012/10/15 20:28:30 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/10/15 20:28:30 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2012/10/15 20:28:30 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2012/10/15 20:28:28 | 001,887,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2012/10/15 20:28:28 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2012/10/15 20:28:28 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
MOD - [2012/10/15 20:28:28 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2012/10/15 20:28:26 | 001,719,296 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2012/10/15 20:28:26 | 001,318,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2012/10/15 20:28:26 | 000,310,784 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
MOD - [2012/10/15 20:28:26 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2012/10/15 20:28:26 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2012/10/15 20:28:24 | 009,263,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
MOD - [2012/10/15 20:28:24 | 000,372,224 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2012/10/15 20:28:24 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2012/10/15 20:28:20 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
MOD - [2012/10/15 20:28:20 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2012/10/15 20:28:20 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2012/10/15 20:28:20 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2012/10/15 20:28:18 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2012/10/15 20:28:18 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
MOD - [2012/10/15 20:28:18 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
MOD - [2012/10/15 20:28:16 | 000,379,392 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
MOD - [2012/10/15 20:28:14 | 001,544,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2012/10/15 20:28:14 | 001,518,080 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,310,784 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,182,272 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2012/10/15 20:28:14 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2012/10/15 20:28:12 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
MOD - [2012/10/15 20:28:10 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
MOD - [2012/10/15 20:28:10 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
MOD - [2012/10/15 20:28:08 | 001,238,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2012/10/15 20:28:08 | 000,288,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
MOD - [2012/10/15 20:28:08 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
MOD - [2012/10/15 20:28:08 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
MOD - [2012/10/15 20:28:08 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
MOD - [2012/10/15 20:28:06 | 000,703,488 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
MOD - [2012/10/15 20:28:06 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
MOD - [2012/10/15 20:28:06 | 000,056,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
MOD - [2012/10/15 20:28:06 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
MOD - [2012/10/15 20:28:06 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
MOD - [2012/10/15 20:28:06 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
MOD - [2012/10/15 20:28:06 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
MOD - [2012/10/15 20:28:06 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
MOD - [2012/10/15 20:28:04 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
MOD - [2012/10/15 20:28:02 | 000,258,560 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2012/10/15 20:28:02 | 000,219,648 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2012/10/15 20:28:02 | 000,157,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2012/10/15 20:28:00 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2012/10/15 20:28:00 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2012/10/15 20:28:00 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2012/10/15 20:28:00 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2012/10/15 20:28:00 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2012/10/15 20:27:58 | 000,724,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
MOD - [2012/10/15 20:27:58 | 000,440,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
MOD - [2012/10/15 20:27:58 | 000,198,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2012/10/15 20:27:58 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2012/10/15 20:27:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2012/10/15 20:27:56 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
MOD - [2012/05/30 14:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
MOD - [2011/11/08 06:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/01/10 14:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/12/08 15:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/17 18:18:47 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/11 23:32:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/02/04 19:52:50 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/24 22:50:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/12/05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/08/30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/06/28 09:51:00 | 000,211,808 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010/06/28 09:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Tenda\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/11 02:18:07 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/11/06 11:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/09 01:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/04 01:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/04 01:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/20 04:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/20 04:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/07 02:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/07 01:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/09/07 01:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/24 07:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 19:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/06 15:02:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/20 10:12:34 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/07/20 10:12:00 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 14:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/01/06 08:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/01/06 08:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012/01/05 11:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 11:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 11:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/11/02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/11 22:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 15:02:44 | 000,066,160 | ---- | M] (Giga-Byte Technology CO., LTD.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys -- (VirtDiskBus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/14 14:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 23:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 22:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/04/30 22:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV - [2013/01/21 15:33:44 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/01/16 17:46:45 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130129.005\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 17:46:45 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130129.005\eng64.sys -- (NAVENG)
DRV - [2013/01/16 02:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/12 19:13:35 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/11 16:34:02 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130126.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/10 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/07/27 13:02:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 F7 AC ED 61 88 CD 01 [binary data]
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\..\SearchScopes\{3C86EBD6-35F2-45BC-97A2-565F661FABE3}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\..\SearchScopes\{62797A94-95CB-47c9-A188-67005302F5E8}: "URL" = http://uk.search.yah...evm&type=IEBDSV
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\..\SearchScopes\{D3566D1F-8F42-408d-8BED-A48BB259BC1C}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/02/18 14:08:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013/01/13 03:05:13 | 000,000,000 | ---D | M]

[2012/10/18 16:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/18 16:11:48 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Poper Blocker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche\1.62_0\
CHR - Extension: Adblock Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.2_0\
CHR - Extension: Minecraft Theme = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnmkpgipfeflohebgbmbjpeopbiioin\1_0\
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Yahoo Mail Checker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbgodfidfimmjgeapafonbdkkkndpmp\1.4.1_0\
CHR - Extension: Minecraft Wiki Searcher = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kffllhckohamkhicfkcncgjekbbfmbji\0.3_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Norton Identity Protection = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: Auto Refresh Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.21_0\
CHR - Extension: 4chan Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\

O1 HOSTS File: ([2013/02/11 20:07:17 | 000,006,764 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 65.52.240.48
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com
O1 - Hosts: 123 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-559612745-3904666825-1817983461-1000\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\AdobeUpdater\color.vbe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [GMouse] C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-559612745-3904666825-1817983461-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BDEEB9B-2E4B-46EE-AF3E-028518C1ED4C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 15:09:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013/02/18 15:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/18 13:37:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.com
[2013/02/16 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AdobeUpdater
[2013/02/16 18:10:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\cod clips
[2013/02/16 17:29:42 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\F3 patch 1.7
[2013/02/16 00:35:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/02/14 17:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2013/02/14 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2013/02/13 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\f3 mods
[2013/02/12 19:10:00 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/12 19:10:00 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/12 19:10:00 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/12 19:05:04 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/12 19:04:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/12 19:04:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/12 19:04:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/12 19:04:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/12 19:04:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/12 19:04:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/12 19:04:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/12 19:04:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/12 19:04:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/12 19:04:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/12 19:04:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/12 19:04:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/12 19:04:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/12 19:04:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/12 19:04:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/12 19:03:35 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/12 19:03:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/12 19:03:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/12 19:03:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/12 19:03:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/12 19:03:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/11 23:32:56 | 002,902,498 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013/02/11 23:32:56 | 001,940,992 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013/02/11 23:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013/02/11 23:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013/02/11 23:30:30 | 000,497,664 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\CTAPO32.dll
[2013/02/11 23:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013/02/11 23:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/02/11 22:14:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\savegame
[2013/02/11 20:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2013/02/11 20:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/11 20:29:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Abode After Effects CS5.5
[2013/02/08 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\LEGO Creations
[2013/02/08 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LEGO Company
[2013/02/08 22:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
[2013/02/08 22:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company
[2013/02/07 18:21:17 | 000,059,392 | ---- | C] (Technic) -- C:\Users\User\Desktop\TechnicLauncher.exe
[2013/02/06 19:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/06 19:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/06 19:01:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/04 19:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013/02/04 18:36:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DayZCommander
[2013/02/04 18:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013/02/02 02:15:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/02 02:15:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/02 02:15:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/02 02:15:36 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/31 17:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2013/01/31 17:31:02 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll
[2013/01/31 17:31:02 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2013/01/31 17:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software
[2013/01/31 17:30:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Dxtory Software
[2013/01/30 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/01/30 19:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
[2013/01/29 21:12:38 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Games for Windows - LIVE Demos
[2013/01/26 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/01/26 19:25:17 | 001,304,032 | ---- | C] (techPowerUp (www.techpowerup.com)) -- C:\Users\User\Desktop\GPU-Z.0.6.7.exe
[2013/01/26 17:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/01/26 17:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/01/26 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/01/26 17:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/01/24 18:24:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\FTB
[2013/01/21 15:28:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Tekkit Stuff
[2013/01/21 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\College
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/18 15:10:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013/02/18 15:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/18 15:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/18 14:44:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559612745-3904666825-1817983461-1000UA.job
[2013/02/18 14:11:12 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 14:11:12 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 14:06:20 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/18 14:05:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/18 14:05:03 | 4265,127,934 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/18 13:37:51 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.com
[2013/02/18 00:44:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559612745-3904666825-1817983461-1000Core.job
[2013/02/17 23:54:30 | 005,798,808 | ---- | M] () -- C:\Users\User\Desktop\Fleet Foxes - Tiger Mountain Peasant Song (Cover).mp3
[2013/02/17 21:12:53 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/17 21:12:53 | 000,664,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/17 21:12:53 | 000,125,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/17 20:50:04 | 000,075,027 | ---- | M] () -- C:\Users\User\Desktop\66963_502739726431095_858533673_n.jpg
[2013/02/17 20:43:50 | 000,094,359 | ---- | M] () -- C:\Users\User\Desktop\223448_502739733097761_476356545_n.jpg
[2013/02/17 18:18:47 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/17 18:18:47 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/16 19:21:33 | 000,007,661 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/02/16 18:33:47 | 093,749,015 | ---- | M] () -- C:\Users\User\Desktop\crysis 3 clips rendered.mp4
[2013/02/16 18:29:46 | 000,106,567 | ---- | M] () -- C:\Users\User\Desktop\Untitled.camproj
[2013/02/14 17:49:55 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/02/12 23:05:02 | 005,059,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 23:04:27 | 001,607,517 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/02/12 19:33:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/12 19:10:00 | 005,553,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/12 19:10:00 | 003,967,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/12 19:10:00 | 003,913,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/12 19:05:04 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/12 19:04:41 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/12 19:04:41 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/12 19:04:41 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/12 19:04:41 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/12 19:04:41 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/12 19:04:41 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/12 19:04:41 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/12 19:04:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/12 19:04:41 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/12 19:04:41 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/12 19:04:40 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/12 19:04:40 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/12 19:04:40 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/12 19:04:40 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/12 19:04:40 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/12 19:03:36 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/12 19:03:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/12 19:03:35 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/12 19:03:35 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/12 19:03:35 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/12 19:03:35 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/11 23:32:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/02/11 23:32:58 | 000,123,480 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013/02/11 23:32:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/02/11 23:32:57 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013/02/11 23:30:40 | 000,000,314 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/02/11 21:01:30 | 000,001,242 | ---- | M] () -- C:\Users\User\Desktop\Adobe After Effects CS5.5.lnk
[2013/02/11 20:07:17 | 000,006,764 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/10 22:07:17 | 000,001,526 | ---- | M] () -- C:\Users\User\Desktop\Random Clips.lnk
[2013/02/09 19:30:03 | 004,458,120 | ---- | M] () -- C:\Users\User\Desktop\DayZ Heavy Metal Farmer.mp4
[2013/02/07 22:29:54 | 005,812,633 | ---- | M] () -- C:\Users\User\Desktop\Justice - D.A.N.C.E. (Official Video).mp3
[2013/02/07 18:21:18 | 000,059,392 | ---- | M] (Technic) -- C:\Users\User\Desktop\TechnicLauncher.exe
[2013/02/06 23:37:37 | 000,001,084 | ---- | M] () -- C:\Users\User\Desktop\OrangeAClock.lnk
[2013/02/06 19:09:37 | 001,921,018 | ---- | M] () -- C:\Users\User\Desktop\It Rains - Crunch Test With Brian 2.25 Rendered.mp3
[2013/02/05 18:06:34 | 012,291,556 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-12-48-81.avi
[2013/02/05 18:05:48 | 030,805,868 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-02-18-41.avi
[2013/02/04 19:51:10 | 000,001,406 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/02/02 23:32:28 | 014,704,506 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-02 21-09-04-20.avi
[2013/02/02 02:15:33 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/02 02:15:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/02 02:15:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/02 02:15:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/02 02:15:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/02/02 02:15:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/01/31 23:18:59 | 248,091,136 | ---- | M] () -- C:\Users\User\Desktop\other rocket stuff.avi
[2013/01/31 23:03:59 | 331,681,708 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 21-23-37-06.avi
[2013/01/31 20:47:12 | 060,067,292 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 19-51-40-12.avi
[2013/01/31 17:52:29 | 000,001,940 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/31 17:52:28 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/31 17:31:06 | 000,001,182 | ---- | M] () -- C:\Users\User\Desktop\Dxtory.lnk
[2013/01/31 02:48:15 | 000,001,054 | ---- | M] () -- C:\Users\User\AppData\Roaming\Network Meter_Settings.ini
[2013/01/31 02:47:19 | 000,000,842 | ---- | M] () -- C:\Users\User\AppData\Roaming\Drives Meter_Settings.ini
[2013/01/31 02:47:05 | 000,000,579 | ---- | M] () -- C:\Users\User\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/01/29 17:52:27 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/01/29 17:52:25 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/01/26 19:30:26 | 000,001,007 | ---- | M] () -- C:\Users\User\Desktop\SpeedFan.lnk
[2013/01/26 19:30:23 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/01/26 19:25:26 | 001,304,032 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Users\User\Desktop\GPU-Z.0.6.7.exe
[2013/01/25 20:24:38 | 000,764,302 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/25 17:04:54 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/25 17:04:11 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/24 18:24:21 | 000,537,171 | ---- | M] () -- C:\Users\User\Desktop\FTB_Launcher.exe
[2013/01/24 17:02:41 | 000,703,117 | ---- | M] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar
[2013/01/21 15:33:44 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
[2013/01/19 15:35:16 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/01/19 15:35:16 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/17 23:54:25 | 005,798,808 | ---- | C] () -- C:\Users\User\Desktop\Fleet Foxes - Tiger Mountain Peasant Song (Cover).mp3
[2013/02/17 20:43:49 | 000,094,359 | ---- | C] () -- C:\Users\User\Desktop\223448_502739733097761_476356545_n.jpg
[2013/02/17 20:43:41 | 000,075,027 | ---- | C] () -- C:\Users\User\Desktop\66963_502739726431095_858533673_n.jpg
[2013/02/16 18:33:34 | 093,749,015 | ---- | C] () -- C:\Users\User\Desktop\crysis 3 clips rendered.mp4
[2013/02/14 17:49:55 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/02/11 23:30:40 | 000,025,262 | ---- | C] () -- C:\Windows\SysNative\xfisk.ini
[2013/02/11 23:30:40 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ctzapxx.ini
[2013/02/11 23:30:30 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2013/02/11 23:30:30 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2013/02/11 23:30:26 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/02/11 23:30:26 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/02/11 23:30:26 | 000,083,456 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/02/11 23:30:26 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/02/11 23:30:26 | 000,000,314 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/02/11 20:48:42 | 000,001,242 | ---- | C] () -- C:\Users\User\Desktop\Adobe After Effects CS5.5.lnk
[2013/02/11 20:43:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.5.lnk
[2013/02/11 20:42:45 | 000,001,277 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS5.5.lnk
[2013/02/11 20:42:31 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2013/02/11 20:42:09 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.5.lnk
[2013/02/11 20:41:39 | 000,001,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2013/02/11 20:41:33 | 000,001,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.6.lnk
[2013/02/11 20:39:53 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2013/02/11 20:39:42 | 000,001,551 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2013/02/11 20:38:55 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/02/09 19:04:42 | 004,458,120 | ---- | C] () -- C:\Users\User\Desktop\DayZ Heavy Metal Farmer.mp4
[2013/02/07 22:29:49 | 005,812,633 | ---- | C] () -- C:\Users\User\Desktop\Justice - D.A.N.C.E. (Official Video).mp3
[2013/02/06 23:37:33 | 000,001,084 | ---- | C] () -- C:\Users\User\Desktop\OrangeAClock.lnk
[2013/02/06 23:36:12 | 000,001,526 | ---- | C] () -- C:\Users\User\Desktop\Random Clips.lnk
[2013/02/06 19:09:36 | 001,921,018 | ---- | C] () -- C:\Users\User\Desktop\It Rains - Crunch Test With Brian 2.25 Rendered.mp3
[2013/02/05 18:06:21 | 012,291,556 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-12-48-81.avi
[2013/02/05 18:05:23 | 030,805,868 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-02-18-41.avi
[2013/02/04 18:36:35 | 000,001,406 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/02/02 23:54:58 | 000,106,567 | ---- | C] () -- C:\Users\User\Desktop\Untitled.camproj
[2013/02/02 23:32:17 | 014,704,506 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-02 21-09-04-20.avi
[2013/01/31 23:13:50 | 248,091,136 | ---- | C] () -- C:\Users\User\Desktop\other rocket stuff.avi
[2013/01/31 22:59:15 | 331,681,708 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 21-23-37-06.avi
[2013/01/31 20:46:20 | 060,067,292 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 19-51-40-12.avi
[2013/01/31 17:52:29 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/31 17:52:29 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013/01/31 17:52:29 | 000,001,940 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/31 17:31:06 | 000,001,182 | ---- | C] () -- C:\Users\User\Desktop\Dxtory.lnk
[2013/01/31 02:47:19 | 000,000,842 | ---- | C] () -- C:\Users\User\AppData\Roaming\Drives Meter_Settings.ini
[2013/01/31 02:47:05 | 000,000,579 | ---- | C] () -- C:\Users\User\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/01/31 02:39:12 | 000,001,054 | ---- | C] () -- C:\Users\User\AppData\Roaming\Network Meter_Settings.ini
[2013/01/26 19:30:26 | 000,001,007 | ---- | C] () -- C:\Users\User\Desktop\SpeedFan.lnk
[2013/01/25 17:04:54 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/24 18:23:36 | 000,537,171 | ---- | C] () -- C:\Users\User\Desktop\FTB_Launcher.exe
[2012/12/24 22:40:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/11/21 13:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/11/18 19:17:11 | 000,000,083 | ---- | C] () -- C:\Program Files (x86)\update-NFSMW2012.bat
[2012/11/08 16:42:06 | 000,703,117 | ---- | C] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar
[2012/11/08 16:42:06 | 000,703,007 | ---- | C] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar.bak
[2012/10/13 11:58:34 | 000,007,661 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2012/10/05 21:54:20 | 000,000,079 | ---- | C] () -- C:\Users\User\AppData\Local\CrystalDiskMark30.ini
[2012/10/03 18:29:25 | 000,018,944 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/08/05 08:43:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/08/05 08:43:44 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/08/05 08:43:42 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/05 08:43:39 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/01 15:05:59 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/08/01 15:05:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/31 14:06:30 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/31 14:06:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/27 14:03:57 | 000,764,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 13:19:57 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/07/27 13:19:20 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/07/27 13:19:20 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012/07/26 14:57:39 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/07/26 14:23:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/07/26 13:40:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/12/11 20:28:34 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/11 20:28:34 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/12/11 20:28:35 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/21 03:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 03:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 03:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 22:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 05:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 04:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 03:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 03:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 03:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 17:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 06:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 03:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 03:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 01:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 03:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 03:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 03:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 03:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 03:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 03:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 05:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 03:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 03:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 03:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 03:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 03:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 03:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 03:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/12/11 20:28:34 | 000,219,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 03:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 03:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >

< End of report >



Extras.txt:

OTL Extras logfile created on: 18/02/2013 15:08:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.96 Gb Total Physical Memory | 12.76 Gb Available Physical Memory | 79.94% Memory free
31.92 Gb Paging File | 28.32 Gb Available in Paging File | 88.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1027.00 Gb Free Space | 55.13% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00902CDC-AF2D-48AE-B9C4-6E7ABF99AD10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{02C9CF50-77A6-41BB-B391-292399592ED6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\limbo\limbo.exe |
"{0458A6CA-5E7C-4B7D-B393-489A0F0296D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05675C1D-449F-410D-8BF3-D59DED068602}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{05AAE4DD-A7E4-4F25-90AF-D548C7B8A7C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{05C7575C-3B5F-49F3-9DC6-3D83F23082A0}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{098FD395-DC80-428A-A7E5-2FBCA112DB51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{09D172A6-9DBF-449F-A3BF-A8BF68CABDD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{0B388E56-73C7-4971-B97B-D183C6EE9116}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
"{0BC0B23A-3324-4D6D-B9D9-212D2EA03DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{0E60A90B-9702-4A77-A334-3C9E73029859}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\limbo\limbo.exe |
"{0EB2A015-DE67-4F3B-B9AA-35D28A3D7CA6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0EE76928-CFB1-4DD1-B1BA-011F8DBD09B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{10BD9938-D566-40E8-8BD2-B316C1D15FF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
"{13A8C3B8-B469-4F30-A2AA-5E7CE2927C11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{143E450A-ECCD-4796-897F-45553B9A8B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{153071B4-53B4-4AC4-AD67-0FAFEB752DAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{1544AA5A-B92B-4254-8C7B-BB67A5AFF9C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{1947C185-14ED-4C3D-BFEA-CD61DAC1DBF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{1AA7B9A2-6190-48EA-B4E1-4C4D3A64DE6C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{1B38FC3C-DDEC-45F3-AFF0-D1E21A337927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{1F2CD724-5DCD-4179-BAD6-80AC158F5605}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{20B9337E-8220-458D-A467-0F68FEC353DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{214ECF4E-AD1B-4627-9AAB-802D9B326569}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution untold - demo\hacker evolution untold.exe |
"{22ACE71A-30F1-494C-86CC-EE058E1E3A73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{23003910-DE0D-4CE6-92E8-BE3277D03056}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2315F454-4CE7-4E20-A1BA-5086D8C11F8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{24D90494-0947-4791-AF3C-53EA092BAF03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{25CE5651-F903-4A4B-8348-A5FA3399599F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{262341CB-2BB7-4359-A539-DB38CDA0E5F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{26694D5F-D05B-4CD2-BDEE-A2B8BFDC5626}" = protocol=1 | dir=in | [email protected],-28543 |
"{282A0309-5327-4B56-A2DD-C748165642CE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{285C00A0-4A7D-41D4-B158-7A6FE79EE25C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{2908BD80-239A-44C3-B66F-A907F000F831}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{2A38BBAE-162D-4DCE-B745-058F6FC4F433}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{2B506420-C46B-40BF-9196-6512D39AA17A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe |
"{2E1CF966-6320-4721-8C77-47B5119BDA80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{2E518896-D3E2-40C7-8F48-DC353DE60880}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
"{2EF648CA-E3B9-4C51-802B-BCF5F673AB30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{2EFB4A54-E035-4C08-9341-D491AC9A443A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{30F2784B-7EA0-4514-8EC2-A721ECA9CBFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{31ED8859-6ABF-4E1E-B3F2-06A44C3003A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{364B639A-99BD-4829-9CFF-54FD9C0976FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{36834773-9587-4E6B-8026-2C9B80C70EE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{36DB9A5C-AE90-4562-91A2-D487CB60D165}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{384118AB-BD1F-41AB-AAC7-754B71307016}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{386F7A12-775B-4899-B447-73313FFA5133}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{3C989E88-8681-4837-A7A8-8E56163AB1AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{3DF12A74-26FB-4DDA-B351-ED9B985E1207}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{3E219E8B-D32F-4A54-B8A9-2D1C82ED126B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3E2FE9F8-CE89-4756-88BD-FA94C5782C73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E5D326B-5F74-495A-A2CB-B5F6AB27C460}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe |
"{3F0E5A1C-08E1-4DE8-9BC2-BEBD82DE7F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{46D5F0EC-25BA-44CE-8758-B50D4F2989D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{478CA25D-B2CB-45C1-90D7-3309CAB74398}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz\bin32\editor.exe |
"{47C78B07-094B-4F3F-8FB5-C687B5FD0A24}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil operation raccoon city\raccooncity.exe |
"{48F7907F-7C3F-4BFA-857E-4C849EE3644C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |
"{4B91E942-D269-42D9-888C-C7AB894D8140}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
"{4D76B143-D21F-4BCE-99A7-7B2420E9656D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4E708F2A-3D8C-4B78-AC04-1E75070AFB6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{4EAAC565-4E09-4195-8D61-893D0D00921E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{4EFD76E5-AF58-49E2-8EFB-B1013E2EBA73}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4F824822-8759-4CF9-BD19-75C9ABF19F6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{51219225-D6FF-409B-9733-C13D246A9B2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{537D97F9-B777-44B2-AE8D-7F1BB74576CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe |
"{54478104-A42E-43BE-A296-41649F6FBE8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5489347C-2D85-4068-8C0E-2A33780D4F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{548E7EA7-278D-49D6-B014-CDF96D4487E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{57C4FE06-55A0-45DC-8B5F-86C92572102F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{58940834-86AF-4D31-8953-552F8143553F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{58A65630-6127-4CBB-A3FC-C9092983B18B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{5B5CDB90-6FED-4479-92F3-317DF4CBC746}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{5C2FB83A-63FE-4A09-B00B-06E217A6E41E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe |
"{5DCF33F5-8CF9-4A40-A355-A585E9BC773A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{6049BB6F-CE69-4513-9721-E2EB1C1D1EF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution untold - demo\hacker evolution untold.exe |
"{60819F27-EFF6-4EF7-AB3F-A07EBA91034B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{620F671E-6118-40B6-B221-A02C5F62CF24}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{6330FBB6-01D0-49A9-B7FC-EB965D7F3278}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{64044BB9-07BE-4C73-AF8E-C6734937FBA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6410F5FE-39CC-47C0-BA13-CC5EE81302DC}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{65A214C2-457C-4A52-A6CB-BDAA44FD01ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{66065462-B64E-4AA5-9A3E-4B1A5DA2C1ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution duality demo\hacker evolution duality.exe |
"{66866C5C-7FB2-4B8A-A24D-61D91C066526}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{66EDC619-ABE1-47AE-8F14-FAA2E9A1A140}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{6C575F50-55C4-416E-BAC3-BD56688ACC7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{6D49737B-0E27-4016-A9C2-679FBED29CA6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6E28F4AF-10BF-4EC3-935C-F110948B2054}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{6EEA53D6-4BA1-4748-A2FA-B291DD10EFEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{6FB6EAC8-AF57-4FE8-A357-82FCBA003501}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{705F19CF-B195-4D02-916B-84202229B0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{70B21B68-4525-4875-9192-2D6041F5275D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{7109557C-9905-497D-9F0F-F80B059999E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
"{71307F52-A8E4-4230-BCF7-141169CFF80C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{72830C5B-3492-4C47-B364-10508E9C81C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{73BDD715-8A45-490D-9A85-7EABBE896A5E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{73E0AFA0-BCA9-482E-B31A-E67630247988}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |
"{7534A7A9-C5DF-444B-82E8-BE22AADAD1E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{758979D7-212B-42BA-A3B5-564FA582B479}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{75BC4FFB-7F13-4349-A505-FB5778966647}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75F7E16D-B507-4B11-8226-62B64CB095F8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{764DD3FB-0691-4C4C-9D5D-7942126D04EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{76F01675-CB43-4223-B347-9A050103445D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7853E5D3-20D5-46DE-A54F-E095A1F2B82D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{78D12E96-A19C-4334-B46D-7CFD12F80E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{7920A48D-2EFD-442A-9F6D-06BA687DC28E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A494591-9450-4E91-ACB7-3B32C7CD6E48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{7AC123D6-8AC7-489C-8441-465FB1EB09BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7B71F036-7E95-4822-BFE5-D6F165A5F879}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{7B8BFBE7-5198-4FF4-AE16-952E30724C10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{7C54F61D-B72B-4E6A-B625-2CE657418A5D}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{7E9A3F66-82B1-4144-91DD-2DDBFF6DE590}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{7FA7C85A-D549-452B-8350-E76BB5334A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{82284FF6-3327-4635-A58E-42DB0A43A946}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
"{8232ACFC-E512-48D9-A2F3-2747744789FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{83374BC9-3569-48BB-9363-8F5478F28D27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{84467558-840A-458A-92A8-D6D113777C34}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{854A536C-CA94-455C-BD4A-F23F8871E949}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{87D24C4D-29DA-4486-849E-0599457E45B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{8A0A8A06-0921-4277-A797-0B7A397F5355}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C60C161-C01D-44B3-B5E4-E16C13AFD5FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
"{8CD54B29-D41D-4294-8CD7-2D32FD749109}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{8DCE4709-D3A1-4769-B42B-58CBD2BD16BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{8E2EC432-DDBE-421A-BE17-8DE0D218CA17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{912E169A-09F9-4187-B216-C6C72E8070A8}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{934E4A8C-8EC9-4FF1-A7E8-5D5FC564F1EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{94014EF1-E8B4-4D8E-8622-C86D7608B3D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{94C655EE-B079-408D-86BC-9C875C5D2923}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{95923A46-8CBE-459D-8CC5-7D005211BEB1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{960F47C6-93BC-471B-90D3-5DB63DF546F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{9647CEF7-4DD7-4F53-847C-C6A44C9DD66B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{9655A13E-FF48-437D-BC1E-8586629C1324}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
"{96932E3E-CF30-4C4E-86CA-27E3A4334DDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{970725AB-090C-49A9-B346-56E76A1BB08B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war alexander\testappa.exe |
"{9800D9D8-7FFB-47B7-ACB8-78271EDC074E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{988285EF-B8AB-44A3-8E0C-6192D282F219}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{99DCDEB2-E345-4DCA-A06A-8028B9BB0B4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{9A486F2C-9CC7-4A15-A2C3-3FF2C345B331}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{9ABE1FEA-88DB-486E-8729-EFB1FA871905}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\robotomr\garrysmod\hl2.exe |
"{9DD839B7-0EB4-4344-943F-1713FA3B6A37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{9E902200-B6B8-4956-A53A-4FE71122104E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FB5F55E-E703-4AA4-AB00-EBD7FB73D962}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{A0D61B7F-F718-4A03-990C-875EC2CEA58D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{A2DC87D8-C366-4CC1-B977-F3C8300F4167}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2F9C986-D3A0-4045-9C98-0EBC1DC89E25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{A4D94477-56F8-4FD9-AC9A-9DA2763E4FF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{A51C8F9C-3416-496C-B3FB-FD69E2415F9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{A70DF3AC-30E2-424A-9CCB-A2C9EF178B1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown\showdown.exe |
"{A73B266F-EDA9-462A-B9A7-6C7A34B7B83F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{A94FCDBD-2B2E-4E47-B354-3573B6B84BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |
"{AACF8172-CE72-4E69-84C6-2A2EE05EAC2C}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{AADC7D1C-3A42-4D70-9C7F-AF93C4F59BF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{AC2C1A26-76E3-4C2F-A93F-7C545C9F6A07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{AC341775-104B-47B4-9193-E10968B7173D}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil operation raccoon city\raccooncity.exe |
"{AD83B6B7-E3E4-429B-9F2B-13AE718DA3A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{AD8EB4D7-349B-4B26-BD6A-0228FB11EAEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{ADF7B56D-3062-4DC2-89D2-CE0FDD0A6B90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{AE0DC5F0-D2F0-4A83-8EFB-FB5E5553A5A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{AF0C4E1E-354D-4A14-82AB-0C39C3AD022E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{AF550C4E-76D3-4437-A412-5A4163F12B62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{B116870F-287C-4707-BE3F-5A2DC6949EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{B26BD62C-58AA-4228-B26D-A388B02792B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{B50A9C23-6D3D-449E-934A-690E3A75B4D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{B7134A39-956B-44CF-94B7-6051C26FD4DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |
"{B7AF1BEF-AAC7-49AE-A186-0686E1731C18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{B8D2189C-D20D-4BA7-A8B8-FEBB69218A49}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{B9436D3A-53AA-49FB-AAD4-90F71315BB75}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe |
"{BA075FC8-6C25-4496-8D24-1D5630734555}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution duality demo\hacker evolution duality.exe |
"{BE648E4B-595A-48DA-A1E4-2320AE0B20A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BEDEF8CA-94A5-4762-BD4F-AF5058DA7D56}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{BF45A88B-38DC-4F92-8EE7-D38A3D83274B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BF679D26-2A11-4E7B-A589-8A3AFC65B24D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{C202A4FD-D3A9-4609-BD4A-FA971ED87756}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution - demo\hacker evolution.exe |
"{C24E6C1D-7E2D-41ED-AE45-9033E5CB6132}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{C3DCBF3C-B33F-44EC-A837-C89A395098B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3F0D1E1-7190-4065-BEEA-D3AD1071A0F1}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe |
"{C4CA9323-B817-4F80-8CBD-B78600A8FC0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C62EDDF8-2CE7-490D-9AFE-7863447A0B1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C7CB13CD-F187-418A-923E-9DA6D734EB94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8422488-72F9-461B-B23A-7953FAF8CBEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz\bin32\editor.exe |
"{CA71128C-7DEB-4F3B-801F-3AAAF62E9E26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{CB65386A-1518-4B6F-8DDA-E74774F6773D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{CBD971AE-212E-45A6-BB22-65BC2F66796D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{CC298143-F921-405A-9C58-0AD712EBA579}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{CD07C144-DB93-453A-BF35-90D14CE5E2F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{D1F1485A-6CD9-4F86-A99E-FEE4B6271AD9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe |
"{D21A6A26-4BA2-42C6-A641-624D46B46453}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{D220EE02-581B-4519-BDD7-29A56878D64B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{D45173BC-5125-4FCE-ABBE-3717BCA28AC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D45AFAD6-4E5F-4560-8D2D-ADD8E923123A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\robotomr\garrysmod\hl2.exe |
"{D5D1B566-F3E2-4785-AEA0-F946EA03162F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
"{DA26369F-ECCE-4F37-833A-6B539BDE8C13}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DABF70CA-A2BC-4EF3-98A8-7C8C45E0896A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution - demo\hacker evolution.exe |
"{DC1A85B8-BDA2-45C6-8C49-BE98F4AB881A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{DCEC214A-9965-4E91-AB67-C94B17B475E9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{DDFB0EB9-9E78-4E60-9A25-9C66DDBACF03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{DE194347-FB8E-4479-9D35-B0C13E1ED9BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{DE6EE6D4-57AA-4E57-841F-6C627B582B61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{DED52C3B-B6AE-4C92-B89F-14DA48390226}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E3696B8A-BE54-4A4A-8AF8-AD6309C80115}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{E3BB1AE8-C3E6-43FD-97C9-73AB5828D023}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe |
"{E3DB05AD-278E-44FC-ACB5-F5FCDE77BF5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{E4CE3B7C-CDCD-4E94-A186-837A8962C63B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
"{E80AA680-F202-43C3-9FCD-BAA8AA93672F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E85E57BF-E1F0-4CC5-9A06-8E7C3E7D34EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E870A9C9-31D8-4370-B55B-43F43437E27F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{E8DA148C-11D5-4B72-95EC-D2B5DB0896B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{E90E109F-FF84-4DB9-AE4E-56EAF944F9E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown\showdown.exe |
"{E9E1B225-6450-4063-ACFE-65ED5D25314C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war alexander\testappa.exe |
"{EB5289AA-B267-4C82-A155-7E08E2D9E58F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC335394-196E-497C-82CC-A007607C074A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{ECA15521-D196-4C99-BC9E-EEEF97B6A227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{F01826D6-E9BE-40E2-BFBD-4DF9A4234496}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F32278FC-583C-4EB8-9D01-A043F0E4444E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3460BEB-AABE-4EB4-B2D6-0F9BD8D8D72D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{F34D941D-DB31-4288-B9D5-E88875487995}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3BD7D65-9745-40FD-9994-696B5F950595}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{F3E8C9D5-AC45-4FF7-B381-E8DBD6FA71FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{F59DF434-4EE9-4C0E-898C-3F3F1231DC38}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{F628588C-21FC-4B24-A25D-424E892146AF}" = protocol=6 | dir=out | app=system |
"{F642DD0F-5EDC-483A-96E2-1E67243E540B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F725251C-AF6B-476C-85AB-56FAA06E4204}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F87CBB0C-98B4-405F-B5DE-6C122206299A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{F9F49F15-6E13-4250-93E7-8C00034D75F2}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{FC510846-7A77-404E-B427-E2457151B86E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{FF542901-9734-4E29-8D23-2D41290D2BCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"TCP Query User{134D4E13-1BAC-4F19-A3F3-2AA9BCD66FE5}C:\program files (x86)\steam\steamapps\robotomr\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\robotomr\team fortress 2\hl2.exe |
"TCP Query User{2408D12F-D4FA-4941-860F-919D65EA4740}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{24C0F647-310E-4CDF-92C3-D14268418C3B}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"TCP Query User{2BD2DFE7-3B49-49DF-AE31-6D27B841EC9C}C:\users\user\desktop\files\games\actual games\age of empires\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\files\games\actual games\age of empires\age of empires ii\empires2.exe |
"TCP Query User{68DFE391-FB6E-4D38-8557-668794817ECB}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"TCP Query User{7659BC23-7261-4345-B931-6850BDEB1FB3}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe |
"TCP Query User{87911E5B-9565-46DD-B1C7-178C4C1FF6AE}C:\users\user\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\play withsix\tools\mingw\bin\rsync.exe |
"TCP Query User{941D900F-A78A-41B0-8BE1-A459BCF0CBAC}C:\users\user\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\user\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{985BE0E8-4370-4FE1-B415-5BA699593860}C:\program files (x86)\bethesda softworks\fallout 3\vaultmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\vaultmp.exe |
"TCP Query User{A3AA54AE-FCF8-4DFB-8448-5261108A1EFE}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{AABD9CF0-1BCF-4A23-81FF-617AF14F57CC}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{AE8FBF46-2CF6-4DF8-A48B-9B4456ACB110}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{B26E124D-9ECF-40A6-9EC8-F52CCA248FBB}C:\program files (x86)\steam\steamapps\common\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\medieval2.exe |
"TCP Query User{C3F9A2A8-0946-45FD-B3A9-24465E72907B}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe |
"TCP Query User{C5EA0865-4DAD-4532-B6B5-AE850350137D}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\_uplauncher.exe |
"TCP Query User{D79F1FA1-212B-4B49-811D-947066A47848}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{F551F0EB-E0A6-497D-8085-2620FF3AF27C}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{0E2D0A8E-47F0-40CD-A318-FBEA8CD2CAB3}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{202F2505-2AB3-47A9-A5E7-1A86C4F646F1}C:\program files (x86)\bethesda softworks\fallout 3\vaultmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\vaultmp.exe |
"UDP Query User{22837E69-87FA-4FD9-829F-AD7E19AFC9B8}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{325606A9-B905-4275-A864-8CE49730D58D}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe |
"UDP Query User{39CA9E77-1F6C-4406-8C60-86EBA21B5487}C:\users\user\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\user\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{4D49D7A6-477F-4B7D-BB7D-FFCA3C235649}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{52EAD848-C558-4FD0-AD44-7498C9619032}C:\program files (x86)\steam\steamapps\common\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\medieval2.exe |
"UDP Query User{5407E80A-0A4B-4C41-B0F4-E390FC14D2CB}C:\users\user\desktop\files\games\actual games\age of empires\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\files\games\actual games\age of empires\age of empires ii\empires2.exe |
"UDP Query User{697DCCF2-CD12-4DA9-B0E8-9FE08B1F5723}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{88068D10-75E8-4296-8658-68AE87691AA8}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"UDP Query User{8B92C26E-F1EE-4C35-8F13-80E9C7008D13}C:\users\user\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\play withsix\tools\mingw\bin\rsync.exe |
"UDP Query User{8D683E45-494C-4FA6-82FE-A262C1357CB4}C:\program files (x86)\steam\steamapps\robotomr\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\robotomr\team fortress 2\hl2.exe |
"UDP Query User{8F949364-3D77-448A-9C28-02A3DD77C3D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{AE8DB327-09BC-4D42-B559-B87934E1E914}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{BD835EEF-DD0D-4DA0-A8AD-4622DE971BB1}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe |
"UDP Query User{E1F14425-C284-4512-B1AB-7DBA9D79C738}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"UDP Query User{E2386230-500C-4DEE-9A07-9DE3D3E640B7}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\_uplauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.20
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"GIMP-2_is1" = GIMP 2.8.0
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{02454664-23E6-46B3-9CB3-30870AE3645E}" = Crysis®3 MP Open Beta
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{1040143F-FEFB-4B90-8E51-E47D40E14C4E}" = Medal of Honor™ Warfighter
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}" = 3TB+Unlock B11.0919.1
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{192BCCC6-C47B-4473-B187-5164185A413C}" = Tenda Wireless LAN Card
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EB28256-1D66-49F1-AF66-691BF9A27C79}" = Camtasia Studio 8
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43430FA1-12BB-4D88-862E-4F1000008400}" = Resident Evil: Operation Raccoon City
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5C5A944F-096E-4ADD-B8E8-887F18BA6228}" = LEGO® Harry Potter™: Years 5-7
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
"{6B1F9121-5599-47F9-9F82-9FEA0F03C47F}" = 3DPower B12.0208.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DDE3AC-B0EF-40D3-ADCA-7C002F9E11D1}_is1" = Guitar Hero - World Tour v1.0
"{790412BB-B6CE-459B-9E17-7DA7C20FC98C}" = DayZ Commander
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Years 1-4
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E82097B9-A3B8-404A-9A92-AC16A8AC9576}" = Adobe After Effects CS5.5
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Afterburner" = MSI Afterburner 2.1.0
"Audacity_is1" = Audacity 2.0
"AudioCS" = Creative Audio Control Panel
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BIT.TRIP RUNNER" = BIT.TRIP RUNNER (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dishonored_is1" = Dishonored
"Dxtory2.0_is1" = Dxtory version 2.0.119
"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GMouse" = GIGABYTE FORCE Driver
"GTA IV Vehicle Mod Installer v1.2_is1" = GTA IV Vehicle Mod Installer v1.2
"Hitman Absolution_is1" = Hitman Absolution
"Host OpenAL" = Host OpenAL
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}" = Viva Pinata
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.1.0
"Lord of the Rings - War in the North_is1" = Lord of the Rings - War in the North
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"N360" = Norton 360
"New LEGO Digital Designer" = LEGO Digital Designer
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Portal" = Portal
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Scribblenauts Unlimited_is1" = Scribblenauts Unlimited
"Sleeping Dogs_is1" = Sleeping Dogs version 1.4
"Sniper Elite V2_is1" = Sniper Elite V2
"SpeedFan" = SpeedFan (remove only)
"Steam App 102600" = Orcs Must Die!
"Steam App 10500" = Empire: Total War
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding of Isaac
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1520" = DEFCON
"Steam App 16810" = Sid Meier's Civilization IV: Colonization
"Steam App 200170" = Worms Revolution
"Steam App 200210" = Realm of the Mad God
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 200710" = Torchlight II
"Steam App 201700" = DiRT Showdown
"Steam App 201720" = Hacker Evolution Duality Demo
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 220240" = Far Cry® 3
"Steam App 22100" = Mount & Blade
"Steam App 22230" = Rock of Ages
"Steam App 22380" = Fallout: New Vegas
"Steam App 24240" = PAYDAY: The Heist
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 34030" = Napoleon: Total War
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 4770" = Rome: Total War - Alexander
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 48000" = LIMBO
"Steam App 48700" = Mount & Blade: Warband
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 49520" = Borderlands 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 6060" = Star Wars - Battlefront II
"Steam App 620" = Portal 2
"Steam App 70130" = Hacker Evolution - Demo
"Steam App 70140" = Hacker Evolution: Untold - Demo
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 91310" = Dead Island
"Steam App 96800" = Nexuiz
"Steam App 9930" = Test Drive Unlimited 2
"TeamViewer 8" = TeamViewer 8
"The Elder Scrolls V Skyrim ..." = The Elder Scrolls V Skyrim ...
"Tony Hawks Pro Skater HD_is1" = Tony Hawks Pro Skater HD
"Uplay" = Uplay
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"VLC media player" = VLC media player 2.0.4
"WinFF_is1" = WinFF 1.4.2
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-559612745-3904666825-1817983461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/02/2013 09:22:10 | Computer Name = User-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 18/02/2013 09:22:10 | Computer Name = User-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 18/02/2013 09:22:10 | Computer Name = User-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 18/02/2013 09:22:16 | Computer Name = User-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 18/02/2013 09:22:16 | Computer Name = User-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 18/02/2013 09:22:16 | Computer Name = User-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 18/02/2013 09:22:16 | Computer Name = User-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 18/02/2013 09:22:44 | Computer Name = User-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 18/02/2013 09:47:49 | Computer Name = User-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 18/02/2013 10:06:56 | Computer Name = User-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

[ System Events ]
Error - 12/12/2012 09:45:30 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 12/12/2012 09:47:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 12/12/2012 09:47:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 12/12/2012 09:48:00 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 12/12/2012 12:15:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 12/12/2012 12:15:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 14/12/2012 13:12:05 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 14/12/2012 13:12:05 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 15/12/2012 10:25:24 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 15/12/2012 10:25:24 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >



aswMBR report:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-18 15:18:25
-----------------------------
15:18:25.257 OS Version: Windows x64 6.1.7601 Service Pack 1
15:18:25.257 Number of processors: 4 586 0x3A09
15:18:25.257 ComputerName: USER-PC UserName: User
15:18:30.167 Initialize success
15:19:20.804 AVAST engine defs: 13021800
15:19:26.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
15:19:26.905 Disk 0 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
15:19:26.920 Disk 0 MBR read successfully
15:19:26.921 Disk 0 MBR scan
15:19:26.950 Disk 0 Windows 7 default MBR code
15:19:26.952 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:19:26.966 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
15:19:27.006 Disk 0 scanning C:\Windows\system32\drivers
15:19:39.756 Service scanning
15:19:52.449 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
15:20:05.036 Modules scanning
15:20:05.040 Disk 0 trace - called modules:
15:20:05.054 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:20:05.379 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d391060]
15:20:05.381 3 CLASSPNP.SYS[fffff88001b1543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800d45c060]
15:20:09.246 AVAST engine scan C:\Windows
15:20:15.289 AVAST engine scan C:\Windows\system32
15:23:44.872 AVAST engine scan C:\Windows\system32\drivers
15:24:00.158 AVAST engine scan C:\Users\User
15:25:41.477 File: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6RBMKFU\svchost[1].exe **INFECTED** Win32:Malware-gen
15:37:07.576 AVAST engine scan C:\ProgramData
15:39:19.383 Scan finished successfully
15:39:56.919 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
15:39:56.948 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if we can kill it now.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\AdobeUpdater\color.vbe ()

:Files
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6RBMKFU 

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.
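The fix above targets a Run entry that launches a .vbe script from the user's AppData with an empty publisher field, plus the browser-cache folder where aswMBR flagged svchost[1].exe. As an added example (not part of the original post, and not how OTL or aswMBR work internally), the Python below applies that same triage reasoning to log lines; the regexes are modelled only on the lines quoted in this thread, and the extension, directory and process-name sets and all function names are illustrative assumptions.

```python
import re
from pathlib import PureWindowsPath

# The [Adobe] O4 entry and the two timestamped lines are quoted from this thread;
# the two "Example" entries are constructed for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\AdobeUpdater\color.vbe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp)
O4 - HKCU..\Run: [ExampleTray] C:\Users\User\AppData\Local\Example\tray.exe (Example Corp)
15:19:26.950 Disk 0 Windows 7 default MBR code
15:25:41.477 File: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6RBMKFU\svchost[1].exe **INFECTED** Win32:Malware-gen
"""

# "O4 - <hive>..\<key>: [<name>] <target> (<publisher>)"; the target itself may
# contain parentheses, e.g. "Program Files (x86)", so the publisher is anchored at the end.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<target>.+?) \((?P<publisher>[^()]*)\)\s*$"
)
# "<time> File: <path> **INFECTED** <verdict>" as written by aswMBR in this thread.
DETECTION_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3}\s+File: (?P<path>.+?) \*\*INFECTED\*\* (?P<verdict>.+?)\s*$"
)

# Assumed heuristic sets, chosen for illustration.
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}
USER_WRITABLE = {"appdata", "temp", "temporary internet files"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_autoruns(text):
    """Return one dict per O4 autorun line found in the log text."""
    entries = []
    for line in text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def autorun_reasons(entry):
    """List the reasons an autorun entry deserves a closer look."""
    path = PureWindowsPath(entry["target"])
    parts = {part.lower() for part in path.parts}
    reasons = []
    if path.suffix.lower() in SCRIPT_EXTS:
        reasons.append("script-target")        # autorun starts a script, not a binary
    if parts & USER_WRITABLE:
        reasons.append("user-writable-path")   # writable without admin rights
    if not entry["publisher"].strip():
        reasons.append("no-publisher")         # no company name in the file metadata
    return reasons


def masquerades_system_binary(path_str):
    """True when a file uses a Windows system process name outside the system dirs."""
    path = PureWindowsPath(path_str)
    # Browser caches append "[n]" before the extension: svchost[1].exe -> svchost.exe
    name = re.sub(r"\[\d+\](?=\.[^.]+$)", "", path.name).lower()
    return name in SYSTEM_NAMES and str(path.parent).lower() not in SYSTEM_DIRS


def parse_detections(text):
    """Return the files a scanner line marked as INFECTED."""
    found = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            found.append({
                "path": match["path"],
                "verdict": match["verdict"],
                "masquerade": masquerades_system_binary(match["path"]),
            })
    return found


def triage(text, min_reasons=2):
    """Combine both views: autoruns with several warning signs, plus detections."""
    suspicious = []
    for entry in parse_autoruns(text):
        reasons = autorun_reasons(entry)
        if len(reasons) >= min_reasons:
            suspicious.append({**entry, "reasons": reasons})
    return {"suspicious_autoruns": suspicious, "detections": parse_detections(text)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["suspicious_autoruns"]:
        print(f"{item['hive']}\\{item['key']} [{item['name']}] {item['target']}: {item['reasons']}")
    for item in report["detections"]:
        print(f"{item['path']}: {item['verdict']} (masquerade={item['masquerade']})")
```

A single warning sign, such as a signed vendor tray application living under AppData, stays below the threshold; only the combination of signs is reported.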

#5
Adam2013

    Member

  • Topic Starter
  • Member
  • 10 posts
When I pasted in the custom scan fix in OTL, as soon as I clicked Run Fix I got a blue screen.

Here's what the blue screen was if you need it:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: f4
BCP1: 0000000000000006
BCP2: FFFFFA80100B5B50
BCP3: FFFFFA801003EE10
BCP4: FFFFF8000339A440
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\021813-29858-01.dmp
C:\Users\User\AppData\Local\Temp\WER-87251-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, jump directly to TDSSKiller next and we will proceed from there.

#7
Adam2013

    Member

  • Topic Starter
  • Member
  • 10 posts
Here's the results:

16:15:28.0417 4020 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:15:28.0663 4020 ============================================================
16:15:28.0663 4020 Current date / time: 2013/02/18 16:15:28.0663
16:15:28.0663 4020 SystemInfo:
16:15:28.0663 4020
16:15:28.0663 4020 OS Version: 6.1.7601 ServicePack: 1.0
16:15:28.0663 4020 Product type: Workstation
16:15:28.0663 4020 ComputerName: USER-PC
16:15:28.0663 4020 UserName: User
16:15:28.0663 4020 Windows directory: C:\Windows
16:15:28.0663 4020 System windows directory: C:\Windows
16:15:28.0663 4020 Running under WOW64
16:15:28.0663 4020 Processor architecture: Intel x64
16:15:28.0663 4020 Number of processors: 4
16:15:28.0663 4020 Page size: 0x1000
16:15:28.0663 4020 Boot type: Normal boot
16:15:28.0663 4020 ============================================================
16:15:32.0843 4020 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:15:32.0846 4020 ============================================================
16:15:32.0846 4020 \Device\Harddisk0\DR0:
16:15:32.0847 4020 MBR partitions:
16:15:32.0847 4020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:15:32.0847 4020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
16:15:32.0847 4020 ============================================================
16:15:32.0876 4020 C: <-> \Device\Harddisk0\DR0\Partition2
16:15:32.0876 4020 ============================================================
16:15:32.0876 4020 Initialize success
16:15:32.0876 4020 ============================================================
16:15:37.0099 4220 ============================================================
16:15:37.0099 4220 Scan started
16:15:37.0099 4220 Mode: Manual; SigCheck; TDLFS;
16:15:37.0099 4220 ============================================================
16:15:37.0883 4220 ================ Scan system memory ========================
16:15:37.0883 4220 System memory - ok
16:15:37.0883 4220 ================ Scan services =============================
16:15:38.0009 4220 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:15:38.0078 4220 1394ohci - ok
16:15:38.0092 4220 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:15:38.0109 4220 ACPI - ok
16:15:38.0111 4220 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:15:38.0123 4220 AcpiPmi - ok
16:15:38.0239 4220 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:15:38.0258 4220 AdobeARMservice - ok
16:15:38.0332 4220 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:15:38.0377 4220 AdobeFlashPlayerUpdateSvc - ok
16:15:38.0394 4220 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:15:38.0410 4220 adp94xx - ok
16:15:38.0432 4220 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:15:38.0446 4220 adpahci - ok
16:15:38.0461 4220 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:15:38.0475 4220 adpu320 - ok
16:15:38.0521 4220 [ CBFAA333EBA2E402A0439A3A0E5413F3 ] AdvancedSystemCareService6 C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
16:15:38.0579 4220 AdvancedSystemCareService6 - ok
16:15:38.0608 4220 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:15:38.0638 4220 AeLookupSvc - ok
16:15:38.0669 4220 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:15:38.0686 4220 AFD - ok
16:15:38.0700 4220 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:15:38.0711 4220 agp440 - ok
16:15:38.0714 4220 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:15:38.0731 4220 ALG - ok
16:15:38.0746 4220 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:15:38.0756 4220 aliide - ok
16:15:38.0789 4220 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:15:38.0822 4220 AMD External Events Utility - ok
16:15:38.0824 4220 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:15:38.0834 4220 amdide - ok
16:15:38.0836 4220 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:15:38.0849 4220 AmdK8 - ok
16:15:39.0011 4220 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:15:39.0103 4220 amdkmdag - ok
16:15:39.0125 4220 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:15:39.0143 4220 amdkmdap - ok
16:15:39.0145 4220 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:15:39.0157 4220 AmdPPM - ok
16:15:39.0186 4220 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:15:39.0197 4220 amdsata - ok
16:15:39.0216 4220 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:15:39.0231 4220 amdsbs - ok
16:15:39.0253 4220 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:15:39.0264 4220 amdxata - ok
16:15:39.0267 4220 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:15:39.0292 4220 AppID - ok
16:15:39.0325 4220 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:15:39.0354 4220 AppIDSvc - ok
16:15:39.0357 4220 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:15:39.0385 4220 Appinfo - ok
16:15:39.0430 4220 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:15:39.0458 4220 Apple Mobile Device - ok
16:15:39.0480 4220 [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
16:15:39.0495 4220 AppleCharger - ok
16:15:39.0506 4220 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
16:15:39.0525 4220 AppleChargerSrv - ok
16:15:39.0544 4220 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:15:39.0556 4220 arc - ok
16:15:39.0561 4220 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:15:39.0573 4220 arcsas - ok
16:15:39.0637 4220 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:15:39.0649 4220 aspnet_state - ok
16:15:39.0669 4220 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:15:39.0693 4220 AsyncMac - ok
16:15:39.0695 4220 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:15:39.0705 4220 atapi - ok
16:15:39.0740 4220 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:15:39.0753 4220 AtiHDAudioService - ok
16:15:39.0783 4220 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:15:39.0816 4220 AudioEndpointBuilder - ok
16:15:39.0844 4220 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:15:39.0877 4220 AudioSrv - ok
16:15:39.0891 4220 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:15:39.0914 4220 AxInstSV - ok
16:15:39.0930 4220 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:15:39.0944 4220 b06bdrv - ok
16:15:39.0959 4220 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:15:39.0973 4220 b57nd60a - ok
16:15:39.0991 4220 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:15:40.0009 4220 BDESVC - ok
16:15:40.0018 4220 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:15:40.0037 4220 Beep - ok
16:15:40.0093 4220 [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
16:15:40.0110 4220 BEService ( UnsignedFile.Multi.Generic ) - warning
16:15:40.0110 4220 BEService - detected UnsignedFile.Multi.Generic (1)
16:15:40.0126 4220 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:15:40.0159 4220 BFE - ok
16:15:40.0325 4220 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
16:15:40.0355 4220 BHDrvx64 - ok
16:15:40.0394 4220 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:15:40.0441 4220 BITS - ok
16:15:40.0443 4220 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:15:40.0455 4220 blbdrive - ok
16:15:40.0523 4220 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:15:40.0555 4220 Bonjour Service - ok
16:15:40.0569 4220 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:15:40.0581 4220 bowser - ok
16:15:40.0584 4220 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:15:40.0596 4220 BrFiltLo - ok
16:15:40.0598 4220 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:15:40.0636 4220 BrFiltUp - ok
16:15:40.0662 4220 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:15:40.0679 4220 Browser - ok
16:15:40.0683 4220 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:15:40.0712 4220 Brserid - ok
16:15:40.0715 4220 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:15:40.0727 4220 BrSerWdm - ok
16:15:40.0729 4220 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:15:40.0742 4220 BrUsbMdm - ok
16:15:40.0744 4220 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:15:40.0755 4220 BrUsbSer - ok
16:15:40.0758 4220 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:15:40.0773 4220 BTHMODEM - ok
16:15:40.0790 4220 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:15:40.0821 4220 bthserv - ok
16:15:40.0899 4220 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys
16:15:40.0914 4220 ccSet_N360 - ok
16:15:40.0934 4220 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:15:40.0958 4220 cdfs - ok
16:15:40.0962 4220 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:15:40.0975 4220 cdrom - ok
16:15:40.0992 4220 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:15:41.0022 4220 CertPropSvc - ok
16:15:41.0027 4220 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:15:41.0061 4220 circlass - ok
16:15:41.0085 4220 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:15:41.0105 4220 CLFS - ok
16:15:41.0144 4220 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:15:41.0162 4220 clr_optimization_v2.0.50727_32 - ok
16:15:41.0259 4220 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:15:41.0271 4220 clr_optimization_v2.0.50727_64 - ok
16:15:41.0318 4220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:15:41.0332 4220 clr_optimization_v4.0.30319_32 - ok
16:15:41.0344 4220 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:15:41.0357 4220 clr_optimization_v4.0.30319_64 - ok
16:15:41.0360 4220 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:15:41.0371 4220 CmBatt - ok
16:15:41.0387 4220 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:15:41.0398 4220 cmdide - ok
16:15:41.0440 4220 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
16:15:41.0462 4220 CNG - ok
16:15:41.0465 4220 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:15:41.0475 4220 Compbatt - ok
16:15:41.0478 4220 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:15:41.0490 4220 CompositeBus - ok
16:15:41.0492 4220 COMSysApp - ok
16:15:41.0495 4220 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:15:41.0506 4220 crcdisk - ok
16:15:41.0562 4220 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
16:15:41.0638 4220 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:15:41.0638 4220 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:15:41.0652 4220 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:15:41.0670 4220 CryptSvc - ok
16:15:41.0715 4220 [ CACB67BC2E73894ECBCBC4EAD2F02456 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
16:15:41.0769 4220 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
16:15:41.0769 4220 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
16:15:41.0796 4220 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:15:41.0829 4220 DcomLaunch - ok
16:15:41.0839 4220 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:15:41.0871 4220 defragsvc - ok
16:15:41.0874 4220 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:15:41.0898 4220 DfsC - ok
16:15:41.0934 4220 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
16:15:41.0950 4220 dg_ssudbus - ok
16:15:41.0962 4220 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:15:41.0980 4220 Dhcp - ok
16:15:41.0983 4220 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:15:42.0008 4220 discache - ok
16:15:42.0023 4220 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:15:42.0036 4220 Disk - ok
16:15:42.0064 4220 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:15:42.0082 4220 Dnscache - ok
16:15:42.0096 4220 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:15:42.0126 4220 dot3svc - ok
16:15:42.0129 4220 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:15:42.0158 4220 DPS - ok
16:15:42.0187 4220 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:15:42.0196 4220 drmkaud - ok
16:15:42.0217 4220 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:15:42.0239 4220 DXGKrnl - ok
16:15:42.0252 4220 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:15:42.0283 4220 EapHost - ok
16:15:42.0338 4220 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:15:42.0369 4220 ebdrv - ok
16:15:42.0393 4220 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:15:42.0421 4220 eeCtrl - ok
16:15:42.0453 4220 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:15:42.0468 4220 EFS - ok
16:15:42.0537 4220 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:15:42.0564 4220 ehRecvr - ok
16:15:42.0578 4220 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:15:42.0621 4220 ehSched - ok
16:15:42.0650 4220 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:15:42.0679 4220 elxstor - ok
16:15:42.0748 4220 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:15:42.0789 4220 EraserUtilRebootDrv - ok
16:15:42.0802 4220 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:15:42.0813 4220 ErrDev - ok
16:15:42.0834 4220 [ F4845B5EECA94D200F621BBAAF7946C1 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
16:15:42.0845 4220 EtronHub3 - ok
16:15:42.0861 4220 [ 4A5945B5CDCF8EC3F842AE8AAA146A1F ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
16:15:42.0873 4220 EtronXHCI - ok
16:15:42.0892 4220 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:15:42.0923 4220 EventSystem - ok
16:15:42.0928 4220 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:15:42.0954 4220 exfat - ok
16:15:42.0970 4220 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:15:42.0996 4220 fastfat - ok
16:15:43.0015 4220 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:15:43.0064 4220 Fax - ok
16:15:43.0067 4220 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:15:43.0079 4220 fdc - ok
16:15:43.0104 4220 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:15:43.0132 4220 fdPHost - ok
16:15:43.0140 4220 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:15:43.0168 4220 FDResPub - ok
16:15:43.0171 4220 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:15:43.0183 4220 FileInfo - ok
16:15:43.0186 4220 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:15:43.0212 4220 Filetrace - ok
16:15:43.0214 4220 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:15:43.0225 4220 flpydisk - ok
16:15:43.0237 4220 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:15:43.0252 4220 FltMgr - ok
16:15:43.0287 4220 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:15:43.0326 4220 FontCache - ok
16:15:43.0376 4220 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:15:43.0413 4220 FontCache3.0.0.0 - ok
16:15:43.0418 4220 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:15:43.0434 4220 FsDepends - ok
16:15:43.0466 4220 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:15:43.0479 4220 Fs_Rec - ok
16:15:43.0484 4220 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:15:43.0502 4220 fvevol - ok
16:15:43.0516 4220 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:15:43.0530 4220 gagp30kx - ok
16:15:43.0554 4220 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
16:15:43.0567 4220 gdrv - ok
16:15:43.0590 4220 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:15:43.0602 4220 GEARAspiWDM - ok
16:15:43.0624 4220 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:15:43.0659 4220 gpsvc - ok
16:15:43.0675 4220 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys
16:15:43.0687 4220 GVTDrv64 - ok
16:15:43.0719 4220 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
16:15:43.0731 4220 hamachi - ok
16:15:43.0742 4220 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:15:43.0753 4220 hcw85cir - ok
16:15:43.0786 4220 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:15:43.0814 4220 HdAudAddService - ok
16:15:43.0828 4220 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:15:43.0842 4220 HDAudBus - ok
16:15:43.0845 4220 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:15:43.0856 4220 HidBatt - ok
16:15:43.0859 4220 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:15:43.0874 4220 HidBth - ok
16:15:43.0877 4220 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:15:43.0891 4220 HidIr - ok
16:15:43.0908 4220 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:15:43.0937 4220 hidserv - ok
16:15:43.0940 4220 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:15:43.0953 4220 HidUsb - ok
16:15:43.0960 4220 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:15:43.0991 4220 hkmsvc - ok
16:15:44.0001 4220 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:15:44.0021 4220 HomeGroupListener - ok
16:15:44.0039 4220 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:15:44.0057 4220 HomeGroupProvider - ok
16:15:44.0072 4220 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:15:44.0083 4220 HpSAMD - ok
16:15:44.0091 4220 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:15:44.0122 4220 HTTP - ok
16:15:44.0134 4220 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:15:44.0144 4220 hwpolicy - ok
16:15:44.0147 4220 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:15:44.0161 4220 i8042prt - ok
16:15:44.0188 4220 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:15:44.0214 4220 iaStorV - ok
16:15:44.0246 4220 [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
16:15:44.0285 4220 ICCS ( UnsignedFile.Multi.Generic ) - warning
16:15:44.0285 4220 ICCS - detected UnsignedFile.Multi.Generic (1)
16:15:44.0324 4220 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:15:44.0339 4220 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:15:44.0340 4220 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:15:44.0390 4220 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:15:44.0411 4220 idsvc - ok
16:15:44.0515 4220 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130126.002\IDSvia64.sys
16:15:44.0538 4220 IDSVia64 - ok
16:15:44.0560 4220 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:15:44.0571 4220 iirsp - ok
16:15:44.0580 4220 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:15:44.0615 4220 IKEEXT - ok
16:15:44.0658 4220 [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:15:45.0218 4220 Intel® Capability Licensing Service Interface - ok
16:15:45.0227 4220 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:15:45.0238 4220 intelide - ok
16:15:45.0241 4220 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:15:45.0252 4220 intelppm - ok
16:15:45.0261 4220 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:15:45.0291 4220 IPBusEnum - ok
16:15:45.0305 4220 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:15:45.0329 4220 IpFilterDriver - ok
16:15:45.0363 4220 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:15:45.0401 4220 iphlpsvc - ok
16:15:45.0405 4220 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:15:45.0417 4220 IPMIDRV - ok
16:15:45.0421 4220 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:15:45.0447 4220 IPNAT - ok
16:15:45.0479 4220 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:15:45.0539 4220 iPod Service - ok
16:15:45.0542 4220 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:15:45.0557 4220 IRENUM - ok
16:15:45.0560 4220 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:15:45.0570 4220 isapnp - ok
16:15:45.0588 4220 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:15:45.0602 4220 iScsiPrt - ok
16:15:45.0620 4220 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:15:45.0631 4220 iusb3hcs - ok
16:15:45.0642 4220 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
16:15:45.0657 4220 iusb3hub - ok
16:15:45.0666 4220 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:15:45.0686 4220 iusb3xhc - ok
16:15:45.0725 4220 [ 166FC0B36842135BC2D3C32DF70ED0D6 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
16:15:45.0756 4220 jhi_service - ok
16:15:45.0759 4220 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:15:45.0773 4220 kbdclass - ok
16:15:45.0776 4220 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:15:45.0789 4220 kbdhid - ok
16:15:45.0801 4220 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:15:45.0815 4220 KeyIso - ok
16:15:45.0832 4220 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:15:45.0846 4220 KSecDD - ok
16:15:45.0888 4220 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:15:45.0903 4220 KSecPkg - ok
16:15:45.0907 4220 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:15:45.0931 4220 ksthunk - ok
16:15:45.0949 4220 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:15:45.0981 4220 KtmRm - ok
16:15:46.0000 4220 [ B8040D3B97B16B89701E31A17353856C ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
16:15:46.0012 4220 L1C - ok
16:15:46.0031 4220 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:15:46.0062 4220 LanmanServer - ok
16:15:46.0085 4220 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:15:46.0115 4220 LanmanWorkstation - ok
16:15:46.0124 4220 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:15:46.0149 4220 lltdio - ok
16:15:46.0167 4220 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:15:46.0199 4220 lltdsvc - ok
16:15:46.0210 4220 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:15:46.0237 4220 lmhosts - ok
16:15:46.0251 4220 [ C56E64BA70DC822B84D100A6F8D690D3 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:15:46.0287 4220 LMS - ok
16:15:46.0300 4220 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:15:46.0327 4220 LSI_FC - ok
16:15:46.0340 4220 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:15:46.0352 4220 LSI_SAS - ok
16:15:46.0367 4220 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:15:46.0377 4220 LSI_SAS2 - ok
16:15:46.0394 4220 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:15:46.0405 4220 LSI_SCSI - ok
16:15:46.0409 4220 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:15:46.0436 4220 luafv - ok
16:15:46.0471 4220 [ 4A503882318BB2F59218D401614E6AF6 ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys
16:15:46.0482 4220 lvpepf64 - ok
16:15:46.0505 4220 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:15:46.0517 4220 LVPr2M64 - ok
16:15:46.0520 4220 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:15:46.0532 4220 LVPr2Mon - ok
16:15:46.0581 4220 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
16:15:46.0660 4220 LVPrcS64 - ok
16:15:46.0688 4220 [ 125AE13C293889001B8456CF3EB04A40 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
16:15:46.0711 4220 LVRS64 - ok
16:15:46.0732 4220 [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
16:15:46.0744 4220 LVUSBS64 - ok
16:15:46.0769 4220 [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
16:15:46.0799 4220 ManyCam - ok
16:15:46.0829 4220 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:15:46.0840 4220 MBAMProtector - ok
16:15:46.0882 4220 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:15:46.0921 4220 MBAMScheduler - ok
16:15:46.0939 4220 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:15:47.0019 4220 MBAMService - ok
16:15:47.0036 4220 [ 2E7FFDEF8BAFD04CBB517507B821E878 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
16:15:47.0047 4220 mcaudrv_simple - ok
16:15:47.0081 4220 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:15:47.0099 4220 Mcx2Svc - ok
16:15:47.0116 4220 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:15:47.0127 4220 megasas - ok
16:15:47.0143 4220 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:15:47.0159 4220 MegaSR - ok
16:15:47.0181 4220 [ D71FD7A4FDB01C554AE144037B688DF1 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:15:47.0193 4220 MEIx64 - ok
16:15:47.0247 4220 Microsoft SharePoint Workspace Audit Service - ok
16:15:47.0276 4220 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:15:47.0304 4220 MMCSS - ok
16:15:47.0327 4220 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:15:47.0351 4220 Modem - ok
16:15:47.0354 4220 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:15:47.0367 4220 monitor - ok
16:15:47.0371 4220 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:15:47.0384 4220 mouclass - ok
16:15:47.0387 4220 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:15:47.0400 4220 mouhid - ok
16:15:47.0419 4220 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:15:47.0432 4220 mountmgr - ok
16:15:47.0475 4220 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:15:47.0491 4220 MpFilter - ok
16:15:47.0515 4220 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:15:47.0527 4220 mpio - ok
16:15:47.0531 4220 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:15:47.0557 4220 mpsdrv - ok
16:15:47.0578 4220 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:15:47.0613 4220 MpsSvc - ok
16:15:47.0617 4220 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:15:47.0634 4220 MRxDAV - ok
16:15:47.0657 4220 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:15:47.0671 4220 mrxsmb - ok
16:15:47.0682 4220 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:15:47.0697 4220 mrxsmb10 - ok
16:15:47.0705 4220 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:15:47.0718 4220 mrxsmb20 - ok
16:15:47.0736 4220 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:15:47.0746 4220 msahci - ok
16:15:47.0780 4220 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:15:47.0793 4220 msdsm - ok
16:15:47.0828 4220 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:15:47.0847 4220 MSDTC - ok
16:15:47.0858 4220 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:15:47.0881 4220 Msfs - ok
16:15:47.0902 4220 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:15:47.0922 4220 mshidkmdf - ok
16:15:47.0925 4220 MSICDSetup - ok
16:15:47.0936 4220 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:15:47.0946 4220 msisadrv - ok
16:15:47.0968 4220 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:15:47.0997 4220 MSiSCSI - ok
16:15:48.0001 4220 msiserver - ok
16:15:48.0011 4220 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:15:48.0035 4220 MSKSSRV - ok
16:15:48.0104 4220 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:15:48.0117 4220 MsMpSvc - ok
16:15:48.0120 4220 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:15:48.0140 4220 MSPCLOCK - ok
16:15:48.0143 4220 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:15:48.0162 4220 MSPQM - ok
16:15:48.0169 4220 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:15:48.0185 4220 MsRPC - ok
16:15:48.0191 4220 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:15:48.0203 4220 mssmbios - ok
16:15:48.0206 4220 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:15:48.0225 4220 MSTEE - ok
16:15:48.0229 4220 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:15:48.0240 4220 MTConfig - ok
16:15:48.0248 4220 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:15:48.0261 4220 Mup - ok
16:15:48.0359 4220 [ 4BA84C832E0741A294C4444556DFE993 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
16:15:48.0419 4220 N360 - ok
16:15:48.0450 4220 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:15:48.0481 4220 napagent - ok
16:15:54.0256 4220 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:15:54.0337 4220 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:15:54.0337 4220 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:15:59.0624 4220 ============================================================
16:15:59.0624 4220 Scan finished
16:15:59.0624 4220 ============================================================
16:15:59.0634 1996 Detected object count: 6
16:15:59.0634 1996 Actual detected object count: 6
16:16:09.0289 1996 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:09.0289 1996 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:09.0290 1996 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:09.0290 1996 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:09.0290 1996 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:09.0290 1996 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:09.0291 1996 ICCS ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:09.0291 1996 ICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:09.0291 1996 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:09.0292 1996 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:09.0292 1996 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:09.0292 1996 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK it is not hiding there

When you download ComboFix, please rename it to Gotcha

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#9
Adam2013

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK so I did as you said and then when ComboFix rebooted I couldn't get on any program "Illegal operation attempted on a registry" so I went on my phone and googled it, they said restart my PC and it will work, it did work as I can now write this reply :D

When I logged on, Malwarebytes said as always that it had quarantined the trojan again so I don't think it's dead :(

Anyway here's the log:


ComboFix 13-02-18.02 - User 18/02/2013 18:13:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16346.13123 [GMT 0:00]
Running from: c:\users\User\Desktop\Gotcha.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.dat
c:\users\User\AppData\Local\Temp\{E04340F2-2314-4258-A318-1F612C053AEF}
c:\users\User\AppData\Local\Temp\sfamcc00001.dll
c:\users\User\AppData\Local\Temp\sfareca00001.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\tmpAD60.tmp
c:\windows\SysWow64\tmpAD70.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
.
.
2013-02-18 18:20 . 2013-02-18 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-18 16:01 . 2013-02-18 16:01 -------- d-----w- C:\_OTL
2013-02-18 14:31 . 2013-02-18 14:31 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E714EA69-2CD1-4F28-A581-42AA545FB15F}\offreg.dll
2013-02-18 13:32 . 2013-01-08 05:32 9161176 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E714EA69-2CD1-4F28-A581-42AA545FB15F}\mpengine.dll
2013-02-16 19:08 . 2013-02-16 19:08 -------- d--h--w- c:\users\User\AppData\Roaming\AdobeUpdater
2013-02-16 00:35 . 2013-02-16 00:35 -------- d-sh--w- c:\programdata\SecuROM
2013-02-14 17:49 . 2013-02-14 17:49 -------- d-----w- c:\program files\Nexus Mod Manager
2013-02-12 19:10 . 2013-02-12 19:10 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-12 19:10 . 2013-02-12 19:10 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-12 19:10 . 2013-02-12 19:10 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-12 19:09 . 2013-02-12 19:09 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 19:09 . 2013-02-12 19:09 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 19:05 . 2013-02-12 19:05 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 19:05 . 2013-02-12 19:05 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-12 19:03 . 2013-02-12 19:03 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-12 19:03 . 2013-02-12 19:03 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-12 19:03 . 2013-02-12 19:03 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-12 19:03 . 2013-02-12 19:03 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-12 19:03 . 2013-02-12 19:03 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-12 19:03 . 2013-02-12 19:03 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-12 19:03 . 2013-02-12 19:03 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-11 23:32 . 2010-02-02 10:59 1940992 ------w- c:\windows\system32\Sens_oal.dll
2013-02-11 23:32 . 2010-02-02 10:57 2902498 ------w- c:\windows\SysWow64\Sens_oal.dll
2013-02-11 23:32 . 2013-02-11 23:32 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2013-02-11 20:41 . 2013-02-11 20:41 -------- d-----w- c:\program files (x86)\Adobe Story
2013-02-11 20:40 . 2013-02-11 20:43 -------- d-----w- c:\program files\Adobe
2013-02-08 22:30 . 2013-02-08 22:30 -------- d-----w- c:\users\User\AppData\Roaming\LEGO Company
2013-02-08 22:30 . 2013-02-08 22:30 -------- d-----w- c:\program files (x86)\LEGO Company
2013-02-06 19:01 . 2013-02-06 19:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-06 19:01 . 2013-02-06 19:01 -------- d-----r- c:\program files (x86)\Skype
2013-02-04 19:52 . 2013-02-04 19:52 -------- d-----w- c:\program files (x86)\Common Files\BattlEye
2013-02-04 18:36 . 2013-02-04 18:36 -------- d-----w- c:\users\User\AppData\Local\DayZCommander
2013-02-04 18:36 . 2013-02-04 18:36 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2013-02-02 02:15 . 2013-02-02 02:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-31 17:52 . 2013-01-31 17:52 715038 ----a-w- c:\windows\unins000.exe
2013-01-31 17:52 . 2011-12-07 19:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2013-01-31 17:31 . 2011-05-23 23:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2013-01-31 17:31 . 2011-05-23 23:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2013-01-31 17:31 . 2013-01-31 17:31 -------- d-----w- c:\program files (x86)\Dxtory Software
2013-01-31 17:30 . 2013-01-31 17:31 -------- d-----w- c:\users\User\AppData\Local\Dxtory Software
2013-01-30 20:44 . 2013-01-30 20:44 -------- d-----w- c:\programdata\Bohemia Interactive Studio
2013-01-26 17:49 . 2013-01-26 17:49 -------- d-----w- c:\programdata\ATI
2013-01-26 17:48 . 2013-01-26 17:48 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-26 17:48 . 2013-01-26 17:48 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-24 16:09 . 2013-01-25 17:04 -------- d-----w- c:\windows\system32\drivers\N360x64\1402010.016
2013-01-20 15:59 . 2013-01-20 15:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-17 18:18 . 2012-07-27 16:47 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-17 18:18 . 2012-07-27 16:47 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 19:34 . 2012-07-27 16:20 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 19:03 . 2013-02-12 19:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-02-11 23:32 . 2012-07-31 16:55 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-11 23:32 . 2012-07-31 16:55 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-11 23:32 . 2012-07-31 16:55 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-02-11 23:32 . 2012-07-31 16:55 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-02-02 02:15 . 2012-07-27 13:49 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-02 02:15 . 2012-07-27 13:49 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-21 15:33 . 2012-09-08 20:01 25640 ----a-w- c:\windows\gdrv.sys
2013-01-19 15:35 . 2012-07-31 23:59 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-19 15:35 . 2012-07-31 14:06 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-16 19:34 . 2012-07-31 14:06 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-24 22:50 . 2012-07-31 14:06 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-24 22:40 . 2012-12-24 22:40 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 15:45 . 2012-12-19 15:45 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 15:44 . 2012-12-19 15:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-19 15:44 . 2012-12-19 15:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-19 15:44 . 2012-12-19 15:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-19 15:44 . 2012-12-19 15:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-19 15:44 . 2012-12-19 15:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-19 15:38 . 2012-12-19 15:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-19 15:34 . 2012-12-19 15:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-19 15:34 . 2012-12-19 15:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-16 17:11 . 2012-12-21 22:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 22:47 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:47 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 16:49 . 2012-10-18 00:23 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 20:28 . 2012-12-11 20:28 9728 ----a-w- c:\windows\SysWow64\winrssrv.dll
2012-12-11 20:28 . 2012-12-11 20:28 92160 ----a-w- c:\windows\SysWow64\winrscmd.dll
2012-12-11 20:28 . 2012-12-11 20:28 83456 ----a-w- c:\windows\SysWow64\wevtfwd.dll
2012-12-11 20:28 . 2012-12-11 20:28 78336 ----a-w- c:\windows\SysWow64\wecutil.exe
2012-12-11 20:28 . 2012-12-11 20:28 61440 ----a-w- c:\windows\SysWow64\wecapi.dll
2012-12-11 20:28 . 2012-12-11 20:28 60416 ----a-w- c:\windows\SysWow64\WsmRes.dll
2012-12-11 20:28 . 2012-12-11 20:28 56832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
2012-12-11 20:28 . 2012-12-11 20:28 526848 ----a-w- c:\windows\SysWow64\WsmGCDeps.dll
2012-12-11 20:28 . 2012-12-11 20:28 42496 ----a-w- c:\windows\SysWow64\pwrshplugin.dll
2012-12-11 20:28 . 2012-12-11 20:28 39936 ----a-w- c:\windows\SysWow64\winrs.exe
2012-12-11 20:28 . 2012-12-11 20:28 35840 ----a-w- c:\windows\SysWow64\wsmprovhost.exe
2012-12-11 20:28 . 2012-12-11 20:28 30208 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
2012-12-11 20:28 . 2012-12-11 20:28 227328 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
2012-12-11 20:28 . 2012-12-11 20:28 21504 ----a-w- c:\windows\SysWow64\WsmAgent.dll
2012-12-11 20:28 . 2012-12-11 20:28 20480 ----a-w- c:\windows\SysWow64\winrshost.exe
2012-12-11 20:28 . 2012-12-11 20:28 204105 ----a-w- c:\windows\SysWow64\winrm.vbs
2012-12-11 20:28 . 2012-12-11 20:28 2039296 ----a-w- c:\windows\SysWow64\WsmSvc.dll
2012-12-11 20:28 . 2012-12-11 20:28 1536 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2012-12-11 20:28 . 2012-12-11 20:28 138752 ----a-w- c:\windows\SysWow64\WsmAuto.dll
2012-12-11 20:28 . 2012-12-11 20:28 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2012-12-11 20:28 . 2012-12-11 20:28 46080 ----a-w- c:\windows\system32\winrs.exe
2012-12-11 20:28 . 2012-12-11 20:28 23040 ----a-w- c:\windows\system32\winrshost.exe
2012-12-11 20:28 . 2012-12-11 20:28 1536 ----a-w- c:\windows\system32\winrsmgr.dll
2012-12-11 20:28 . 2012-12-11 20:28 12800 ----a-w- c:\windows\system32\winrssrv.dll
2012-12-11 20:28 . 2012-12-11 20:28 106496 ----a-w- c:\windows\system32\winrscmd.dll
2012-12-11 20:28 . 2012-12-11 20:28 93184 ----a-w- c:\windows\SysWow64\wbem\WmiApRpl.dll
2012-12-11 20:28 . 2012-12-11 20:28 91136 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll
2012-12-11 20:28 . 2012-12-11 20:28 89088 ----a-w- c:\windows\SysWow64\mi.dll
2012-12-11 20:28 . 2012-12-11 20:28 88064 ----a-w- c:\windows\system32\wbem\WMICOOKR.dll
2012-12-11 20:28 . 2012-12-11 20:28 83456 ----a-w- c:\windows\system32\wecapi.dll
2012-12-11 20:28 . 2012-12-11 20:28 77824 ----a-w- c:\windows\SysWow64\wbem\WinMgmt.exe
2012-12-11 20:28 . 2012-12-11 20:28 73728 ----a-w- c:\windows\system32\wbem\xml\wmi2xml.dll
2012-12-11 20:28 . 2012-12-11 20:28 72192 ----a-w- c:\windows\SysWow64\wbem\WMICOOKR.dll
2012-12-11 20:28 . 2012-12-11 20:28 71168 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2012-12-11 20:28 . 2012-12-11 20:28 69632 ----a-w- c:\windows\system32\wbem\wbemcons.dll
2012-12-11 20:28 . 2012-12-11 20:28 66560 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2012-12-11 20:28 . 2012-12-11 20:28 64512 ----a-w- c:\windows\system32\wbem\wbemsvc.dll
2012-12-11 20:28 . 2012-12-11 20:28 630784 ----a-w- c:\windows\system32\WsmGCDeps.dll
2012-12-11 20:28 . 2012-12-11 20:28 60416 ----a-w- c:\windows\system32\WsmRes.dll
2012-12-11 20:28 . 2012-12-11 20:28 59904 ----a-w- c:\windows\SysWow64\prvdmofcomp.dll
2012-12-11 20:28 . 2012-12-11 20:28 51712 ----a-w- c:\windows\system32\wbem\wmitimep.dll
2012-12-11 20:28 . 2012-12-11 20:28 49664 ----a-w- c:\windows\SysWow64\wbem\wbemsvc.dll
2012-12-11 20:28 . 2012-12-11 20:28 494592 ----a-w- c:\windows\system32\wbemcomn2.dll
2012-12-11 20:28 . 2012-12-11 20:28 48128 ----a-w- c:\windows\system32\PSModuleDiscoveryProvider.dll
2012-12-11 20:28 . 2012-12-11 20:28 46080 ----a-w- c:\windows\SysWow64\ncobjapi.dll
2012-12-11 20:28 . 2012-12-11 20:28 45568 ----a-w- c:\windows\system32\wbem\SMTPCons.dll
2012-12-11 20:28 . 2012-12-11 20:28 453120 ----a-w- c:\windows\system32\wbem\wbemess.dll
2012-12-11 20:28 . 2012-12-11 20:28 44544 ----a-w- c:\windows\system32\wbem\scrcons.exe
2012-12-11 20:28 . 2012-12-11 20:28 396288 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2012-12-11 20:28 . 2012-12-11 20:28 39424 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2012-12-11 20:28 . 2012-12-11 20:28 31744 ----a-w- c:\windows\system32\wbem\WinMgmtR.dll
2012-12-11 20:28 . 2012-12-11 20:28 309248 ----a-w- c:\windows\system32\WsmWmiPl.dll
2012-12-11 20:28 . 2012-12-11 20:28 30720 ----a-w- c:\windows\system32\wsmprovhost.exe
2012-12-11 20:28 . 2012-12-11 20:28 29184 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll
2012-12-11 20:28 . 2012-12-11 20:28 28672 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2012-12-11 20:28 . 2012-12-11 20:28 2832384 ----a-w- c:\windows\system32\WsmSvc.dll
2012-12-11 20:28 . 2012-12-11 20:28 283136 ----a-w- c:\windows\SysWow64\wbem\esscli.dll
2012-12-11 20:28 . 2012-12-11 20:28 26112 ----a-w- c:\windows\system32\WsmAgent.dll
2012-12-11 20:28 . 2012-12-11 20:28 258048 ----a-w- c:\windows\system32\wbem\mofd.dll
2012-12-11 20:28 . 2012-12-11 20:28 247296 ----a-w- c:\windows\system32\framedynos.dll
2012-12-11 20:28 . 2012-12-11 20:28 22528 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2012-12-11 20:28 . 2012-12-11 20:28 216576 ----a-w- c:\windows\system32\wecsvc.dll
2012-12-11 20:28 . 2012-12-11 20:28 204105 ----a-w- c:\windows\system32\winrm.vbs
2012-12-11 20:28 . 2012-12-11 20:28 195072 ----a-w- c:\windows\SysWow64\wbem\mofd.dll
2012-12-11 20:28 . 2012-12-11 20:28 192512 ----a-w- c:\windows\SysWow64\framedynos.dll
2012-12-11 20:28 . 2012-12-11 20:28 189952 ----a-w- c:\windows\SysWow64\framedyn.dll
2012-12-11 20:28 . 2012-12-11 20:28 18944 ----a-w- c:\windows\SysWow64\wbem\mofcomp.exe
2012-12-11 20:28 . 2012-12-11 20:28 172544 ----a-w- c:\windows\SysWow64\miutils.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GMouse"="c:\gigabyte force\GIGABYTE FORCE.EXE" [2011-11-08 667648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe"="c:\users\User\AppData\Roaming\AdobeUpdater\color.vbe" [2013-02-03 69824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-04 49152]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-02-11 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-27 30528]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-07-20 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-07-20 29696]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-27 1255736]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130126.002\IDSvia64.sys [2013-01-11 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S1 VirtDiskBus;3TB+ Unlock;c:\windows\system32\DRIVERS\VirtDiskBus64.sys [2011-02-08 66160]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Tenda\Common\RaRegistry64.exe [2010-06-28 211808]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-12 138912]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-01-06 59392]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-01-06 84608]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 18:18]
.
2013-02-18 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-11-11 01:27]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559612745-3904666825-1817983461-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 13:21]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559612745-3904666825-1817983461-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 13:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3220468
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Scribblenauts Unlimited_is1 - c:\program files (x86)\WB Games\Scribblenauts Unlimited\unins000.exe
AddRemove-The Elder Scrolls V Skyrim - c:\users\User\Desktop\cod clips\The Elder Scrolls V Skyrim\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-559612745-3904666825-1817983461-1000\Software\SecuROM\License information*]
"datasecu"=hex:66,7d,23,0f,61,61,b1,fa,e8,f2,c3,cd,64,84,6c,83,18,cb,b0,4d,ac,
b8,61,fc,40,d4,18,6d,42,8b,21,19,14,9f,01,d6,a8,cd,63,9a,55,ac,ff,73,3e,3a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Tenda\Common\RaRegistry.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-02-18 18:26:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-18 18:26
.
Pre-Run: 1,100,128,313,344 bytes free
Post-Run: 1,100,167,045,120 bytes free
.
- - End Of File - - DAC1623657EBDC003AD1D35F95F3E210

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now try this OTL fix please, then after the reboot run another MBAM scan.



Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\AdobeUpdater\color.vbe ()
:Files
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6RBMKFU

:Commands
[resethosts]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#11
Adam2013

    Member

  • Topic Starter
  • Member
  • 10 posts
This time I didn't get a blue screen and it rebooted successfully. By the way, did you want me to do a Malwarebytes quick scan or full scan (full scan will take 3 hours)?

Here are the results of the OTL Quick Scan:


OTL logfile created on: 18/02/2013 19:48:41 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.96 Gb Total Physical Memory | 12.90 Gb Available Physical Memory | 80.81% Memory free
31.92 Gb Paging File | 28.51 Gb Available in Paging File | 89.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1025.81 Gb Free Space | 55.06% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 15:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013/01/15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/12/24 22:50:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccsvchst.exe
PRC - [2012/09/12 07:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2012/01/05 11:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/11/08 06:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
PRC - [2010/06/28 09:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
PRC - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/18 19:44:37 | 000,192,512 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013/02/18 19:44:37 | 000,158,720 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\sfareca00001.dll
MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:19 | 000,597,968 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 02:34:18 | 000,124,368 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2012/05/30 14:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
MOD - [2011/11/08 06:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/01/10 14:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/12/08 15:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/17 18:18:47 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/11 23:32:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/02/04 19:52:50 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/24 22:50:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/12/05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/08/30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/06/28 09:51:00 | 000,211,808 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010/06/28 09:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Tenda\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/11 02:18:07 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/11/06 11:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/09 01:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/04 01:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/04 01:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/20 04:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/20 04:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/07 02:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/07 01:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/09/07 01:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/24 07:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 19:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/06 15:02:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/20 10:12:34 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/07/20 10:12:00 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 14:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/01/06 08:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/01/06 08:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012/01/05 11:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 11:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 11:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/11/02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/11 22:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 15:02:44 | 000,066,160 | ---- | M] (Giga-Byte Technology CO., LTD.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys -- (VirtDiskBus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/14 14:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 23:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 22:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/04/30 22:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV - [2013/01/21 15:33:44 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/01/16 17:46:45 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130129.005\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 17:46:45 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130129.005\eng64.sys -- (NAVENG)
DRV - [2013/01/16 02:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/12 19:13:35 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/11 16:34:02 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130126.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/10 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/07/27 13:02:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 F7 AC ED 61 88 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{3C86EBD6-35F2-45BC-97A2-565F661FABE3}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\..\SearchScopes\{62797A94-95CB-47c9-A188-67005302F5E8}: "URL" = http://uk.search.yah...evm&type=IEBDSV
IE - HKCU\..\SearchScopes\{D3566D1F-8F42-408d-8BED-A48BB259BC1C}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/02/18 19:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013/01/13 03:05:13 | 000,000,000 | ---D | M]

[2012/10/18 16:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/18 16:11:48 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Poper Blocker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche\1.62_0\
CHR - Extension: Adblock Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.2_0\
CHR - Extension: Minecraft Theme = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnmkpgipfeflohebgbmbjpeopbiioin\1_0\
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Yahoo Mail Checker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbgodfidfimmjgeapafonbdkkkndpmp\1.4.1_0\
CHR - Extension: Minecraft Wiki Searcher = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kffllhckohamkhicfkcncgjekbbfmbji\0.3_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Norton Identity Protection = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: Auto Refresh Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.21_0\
CHR - Extension: 4chan Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\

O1 HOSTS File: ([2013/02/18 19:41:11 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [GMouse] C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BDEEB9B-2E4B-46EE-AF3E-028518C1ED4C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 18:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/18 18:11:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/18 18:11:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/18 18:11:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/18 18:11:52 | 000,000,000 | ---D | C] -- C:\Gotcha
[2013/02/18 18:08:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/18 18:07:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/18 18:06:30 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\User\Desktop\Gotcha.exe
[2013/02/18 16:01:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/18 16:01:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013/02/18 15:09:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013/02/18 15:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/16 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AdobeUpdater
[2013/02/16 18:10:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\cod clips
[2013/02/16 00:35:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/02/14 17:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2013/02/14 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2013/02/11 23:32:56 | 002,902,498 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013/02/11 23:32:56 | 001,940,992 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013/02/11 23:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013/02/11 23:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013/02/11 23:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013/02/11 23:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/02/11 22:14:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\savegame
[2013/02/11 20:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2013/02/11 20:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/11 20:29:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Abode After Effects CS5.5
[2013/02/08 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\LEGO Creations
[2013/02/08 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LEGO Company
[2013/02/08 22:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
[2013/02/08 22:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company
[2013/02/07 18:21:17 | 000,059,392 | ---- | C] (Technic) -- C:\Users\User\Desktop\TechnicLauncher.exe
[2013/02/06 19:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/06 19:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/06 19:01:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/04 19:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013/02/04 18:36:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DayZCommander
[2013/02/04 18:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013/01/31 17:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2013/01/31 17:31:02 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll
[2013/01/31 17:31:02 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2013/01/31 17:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software
[2013/01/31 17:30:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Dxtory Software
[2013/01/30 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/01/30 19:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
[2013/01/29 21:12:38 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Games for Windows - LIVE Demos
[2013/01/26 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/01/26 17:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/01/26 17:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/01/26 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/01/26 17:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/01/24 18:24:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\FTB
[2013/01/21 15:28:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Tekkit Stuff
[2013/01/21 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\College
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/18 19:49:01 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 19:49:01 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 19:44:06 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559612745-3904666825-1817983461-1000UA.job
[2013/02/18 19:44:06 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/18 19:42:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/18 19:42:47 | 4265,127,934 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/18 19:41:11 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/02/18 19:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/18 18:11:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/18 18:06:39 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\User\Desktop\Gotcha.exe
[2013/02/18 16:02:25 | 1918,042,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/18 16:01:07 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013/02/18 15:39:56 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2013/02/18 15:10:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013/02/18 15:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/18 00:44:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559612745-3904666825-1817983461-1000Core.job
[2013/02/17 23:54:30 | 005,798,808 | ---- | M] () -- C:\Users\User\Desktop\Fleet Foxes - Tiger Mountain Peasant Song (Cover).mp3
[2013/02/17 21:12:53 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/17 21:12:53 | 000,664,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/17 21:12:53 | 000,125,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/17 20:50:04 | 000,075,027 | ---- | M] () -- C:\Users\User\Desktop\66963_502739726431095_858533673_n.jpg
[2013/02/17 20:43:50 | 000,094,359 | ---- | M] () -- C:\Users\User\Desktop\223448_502739733097761_476356545_n.jpg
[2013/02/16 19:21:33 | 000,007,661 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/02/16 18:33:47 | 093,749,015 | ---- | M] () -- C:\Users\User\Desktop\crysis 3 clips rendered.mp4
[2013/02/16 18:29:46 | 000,106,567 | ---- | M] () -- C:\Users\User\Desktop\Untitled.camproj
[2013/02/14 17:49:55 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/02/12 23:05:02 | 005,059,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 23:04:27 | 001,607,517 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/02/11 23:32:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/02/11 23:32:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/02/11 23:30:40 | 000,000,314 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/02/11 21:01:30 | 000,001,242 | ---- | M] () -- C:\Users\User\Desktop\Adobe After Effects CS5.5.lnk
[2013/02/10 22:07:17 | 000,001,526 | ---- | M] () -- C:\Users\User\Desktop\Random Clips.lnk
[2013/02/09 19:30:03 | 004,458,120 | ---- | M] () -- C:\Users\User\Desktop\DayZ Heavy Metal Farmer.mp4
[2013/02/07 22:29:54 | 005,812,633 | ---- | M] () -- C:\Users\User\Desktop\Justice - D.A.N.C.E. (Official Video).mp3
[2013/02/07 18:21:18 | 000,059,392 | ---- | M] (Technic) -- C:\Users\User\Desktop\TechnicLauncher.exe
[2013/02/06 23:37:37 | 000,001,084 | ---- | M] () -- C:\Users\User\Desktop\OrangeAClock.lnk
[2013/02/06 19:09:37 | 001,921,018 | ---- | M] () -- C:\Users\User\Desktop\It Rains - Crunch Test With Brian 2.25 Rendered.mp3
[2013/02/05 18:06:34 | 012,291,556 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-12-48-81.avi
[2013/02/05 18:05:48 | 030,805,868 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-02-18-41.avi
[2013/02/04 19:51:10 | 000,001,406 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/02/02 23:32:28 | 014,704,506 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-02 21-09-04-20.avi
[2013/01/31 23:18:59 | 248,091,136 | ---- | M] () -- C:\Users\User\Desktop\other rocket stuff.avi
[2013/01/31 23:03:59 | 331,681,708 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 21-23-37-06.avi
[2013/01/31 20:47:12 | 060,067,292 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 19-51-40-12.avi
[2013/01/31 17:52:29 | 000,001,940 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/31 17:52:28 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/31 17:31:06 | 000,001,182 | ---- | M] () -- C:\Users\User\Desktop\Dxtory.lnk
[2013/01/31 02:48:15 | 000,001,054 | ---- | M] () -- C:\Users\User\AppData\Roaming\Network Meter_Settings.ini
[2013/01/31 02:47:19 | 000,000,842 | ---- | M] () -- C:\Users\User\AppData\Roaming\Drives Meter_Settings.ini
[2013/01/31 02:47:05 | 000,000,579 | ---- | M] () -- C:\Users\User\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/01/29 17:52:27 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/01/29 17:52:25 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/01/26 19:30:26 | 000,001,007 | ---- | M] () -- C:\Users\User\Desktop\SpeedFan.lnk
[2013/01/26 19:30:23 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/01/25 20:24:38 | 000,764,302 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/25 17:04:54 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/25 17:04:11 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/24 18:24:21 | 000,537,171 | ---- | M] () -- C:\Users\User\Desktop\FTB_Launcher.exe
[2013/01/24 17:02:41 | 000,703,117 | ---- | M] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/18 18:11:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/18 18:11:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/18 18:11:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/18 18:11:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/18 18:11:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/18 16:02:25 | 1918,042,801 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/18 15:39:56 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2013/02/17 23:54:25 | 005,798,808 | ---- | C] () -- C:\Users\User\Desktop\Fleet Foxes - Tiger Mountain Peasant Song (Cover).mp3
[2013/02/17 20:43:49 | 000,094,359 | ---- | C] () -- C:\Users\User\Desktop\223448_502739733097761_476356545_n.jpg
[2013/02/17 20:43:41 | 000,075,027 | ---- | C] () -- C:\Users\User\Desktop\66963_502739726431095_858533673_n.jpg
[2013/02/16 18:33:34 | 093,749,015 | ---- | C] () -- C:\Users\User\Desktop\crysis 3 clips rendered.mp4
[2013/02/14 17:49:55 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/02/11 23:30:40 | 000,025,262 | ---- | C] () -- C:\Windows\SysNative\xfisk.ini
[2013/02/11 23:30:40 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ctzapxx.ini
[2013/02/11 23:30:30 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2013/02/11 23:30:30 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2013/02/11 23:30:26 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/02/11 23:30:26 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/02/11 23:30:26 | 000,083,456 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/02/11 23:30:26 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/02/11 23:30:26 | 000,000,314 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/02/11 20:48:42 | 000,001,242 | ---- | C] () -- C:\Users\User\Desktop\Adobe After Effects CS5.5.lnk
[2013/02/11 20:43:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.5.lnk
[2013/02/11 20:42:45 | 000,001,277 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS5.5.lnk
[2013/02/11 20:42:31 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2013/02/11 20:42:09 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.5.lnk
[2013/02/11 20:41:39 | 000,001,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2013/02/11 20:41:33 | 000,001,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.6.lnk
[2013/02/11 20:39:53 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2013/02/11 20:39:42 | 000,001,551 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2013/02/11 20:38:55 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/02/09 19:04:42 | 004,458,120 | ---- | C] () -- C:\Users\User\Desktop\DayZ Heavy Metal Farmer.mp4
[2013/02/07 22:29:49 | 005,812,633 | ---- | C] () -- C:\Users\User\Desktop\Justice - D.A.N.C.E. (Official Video).mp3
[2013/02/06 23:37:33 | 000,001,084 | ---- | C] () -- C:\Users\User\Desktop\OrangeAClock.lnk
[2013/02/06 23:36:12 | 000,001,526 | ---- | C] () -- C:\Users\User\Desktop\Random Clips.lnk
[2013/02/06 19:09:36 | 001,921,018 | ---- | C] () -- C:\Users\User\Desktop\It Rains - Crunch Test With Brian 2.25 Rendered.mp3
[2013/02/05 18:06:21 | 012,291,556 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-12-48-81.avi
[2013/02/05 18:05:23 | 030,805,868 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-02-18-41.avi
[2013/02/04 18:36:35 | 000,001,406 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/02/02 23:54:58 | 000,106,567 | ---- | C] () -- C:\Users\User\Desktop\Untitled.camproj
[2013/02/02 23:32:17 | 014,704,506 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-02 21-09-04-20.avi
[2013/01/31 23:13:50 | 248,091,136 | ---- | C] () -- C:\Users\User\Desktop\other rocket stuff.avi
[2013/01/31 22:59:15 | 331,681,708 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 21-23-37-06.avi
[2013/01/31 20:46:20 | 060,067,292 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 19-51-40-12.avi
[2013/01/31 17:52:29 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/31 17:52:29 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013/01/31 17:52:29 | 000,001,940 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/31 17:31:06 | 000,001,182 | ---- | C] () -- C:\Users\User\Desktop\Dxtory.lnk
[2013/01/31 02:47:19 | 000,000,842 | ---- | C] () -- C:\Users\User\AppData\Roaming\Drives Meter_Settings.ini
[2013/01/31 02:47:05 | 000,000,579 | ---- | C] () -- C:\Users\User\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/01/31 02:39:12 | 000,001,054 | ---- | C] () -- C:\Users\User\AppData\Roaming\Network Meter_Settings.ini
[2013/01/26 19:30:26 | 000,001,007 | ---- | C] () -- C:\Users\User\Desktop\SpeedFan.lnk
[2013/01/25 17:04:54 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/24 18:23:36 | 000,537,171 | ---- | C] () -- C:\Users\User\Desktop\FTB_Launcher.exe
[2012/12/24 22:40:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/11/21 13:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/11/18 19:17:11 | 000,000,083 | ---- | C] () -- C:\Program Files (x86)\update-NFSMW2012.bat
[2012/11/08 16:42:06 | 000,703,117 | ---- | C] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar
[2012/11/08 16:42:06 | 000,703,007 | ---- | C] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar.bak
[2012/10/13 11:58:34 | 000,007,661 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2012/10/05 21:54:20 | 000,000,079 | ---- | C] () -- C:\Users\User\AppData\Local\CrystalDiskMark30.ini
[2012/10/03 18:29:25 | 000,018,944 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/08/05 08:43:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/08/05 08:43:44 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/08/05 08:43:42 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/05 08:43:39 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/01 15:05:59 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/08/01 15:05:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/31 14:06:30 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/31 14:06:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/27 14:03:57 | 000,764,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 13:19:57 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/07/27 13:19:20 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/07/27 13:19:20 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012/07/26 14:57:39 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/07/26 14:23:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/07/26 13:40:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/12/11 20:28:34 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/11 20:28:34 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/12/11 20:28:35 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/07 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013/02/07 18:21:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.techniclauncher
[2013/02/09 19:01:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2012/08/29 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Awesomium
[2012/09/02 19:52:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FFsplit
[2013/01/24 18:24:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ftblauncher
[2012/10/31 05:09:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2012/09/28 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012/10/03 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leawo
[2013/02/08 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LEGO Company
[2013/02/07 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\logs
[2012/09/02 18:58:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2012/07/27 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mount&Blade Warband
[2012/07/31 00:07:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/12/05 21:43:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012/10/27 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Play withSIX
[2012/08/04 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PowerISO
[2012/10/17 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Publish Providers
[2012/11/28 02:11:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2012/08/31 22:50:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\six-zsync
[2012/10/18 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony
[2012/09/02 20:36:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Splashtop
[2012/12/25 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2012/10/20 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TechSmith
[2012/09/15 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2012/08/26 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tific
[2012/10/03 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\tiger-k
[2013/02/18 01:39:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2012/11/10 16:54:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WB Games
[2012/10/20 17:03:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinFF
[2012/10/06 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\XRay Engine
[2012/11/08 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========



< End of report >

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Quick scan is good enough as it covers all the main areas.

#13
Adam2013

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Still finding something :(

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

18/02/2013 20:50:44
MBAM-log-2013-02-18 (20-51-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215124
Time elapsed: 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\User\Local Settings\Temporary Internet Files\Content.IE5\1AC3P33M\svchost[1].exe (Trojan.Bitminer) -> No action taken.

(end)

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, can you disable MBAM please, as I will need to empty the temp internet files and MBAM is stopping OTL when I try to run that.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
C:\Users\User\Local Settings\Temporary Internet Files\Content.IE5

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#15
Adam2013

    Member

  • Topic Starter
  • 10 posts
Thanks for all the help so far man, here's the OTL quick scan log after reboot:


OTL logfile created on: 18/02/2013 21:25:13 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.96 Gb Total Physical Memory | 13.27 Gb Available Physical Memory | 83.12% Memory free
31.92 Gb Paging File | 28.72 Gb Available in Paging File | 89.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1025.94 Gb Free Space | 55.07% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 15:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013/01/15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/12/24 22:50:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccsvchst.exe
PRC - [2012/09/12 07:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2012/01/05 11:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/11/08 06:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
PRC - [2010/06/28 09:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
PRC - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/18 21:23:20 | 000,192,512 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013/02/18 21:23:20 | 000,158,720 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\sfareca00001.dll
MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:19 | 000,597,968 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 02:34:18 | 000,124,368 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2012/05/30 14:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
MOD - [2011/11/08 06:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/01/10 14:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/12/08 15:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/17 18:18:47 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/11 23:32:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/02/04 19:52:50 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/24 22:50:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/12/05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/08/30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/06/28 09:51:00 | 000,211,808 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010/06/28 09:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Tenda\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/11 02:18:07 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/11/06 11:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/09 01:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/04 01:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/04 01:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/20 04:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/20 04:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/07 02:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/07 01:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/09/07 01:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/24 07:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 19:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/06 15:02:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/20 10:12:34 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/07/20 10:12:00 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 14:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/01/06 08:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/01/06 08:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012/01/05 11:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 11:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 11:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/11/02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/11 22:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 15:02:44 | 000,066,160 | ---- | M] (Giga-Byte Technology CO., LTD.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys -- (VirtDiskBus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/14 14:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 23:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 22:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/04/30 22:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV - [2013/01/21 15:33:44 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/01/16 17:46:45 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130129.005\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 17:46:45 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130129.005\eng64.sys -- (NAVENG)
DRV - [2013/01/16 02:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/12 19:13:35 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/11 16:34:02 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130126.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/10 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/07/27 13:02:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 F7 AC ED 61 88 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{3C86EBD6-35F2-45BC-97A2-565F661FABE3}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\..\SearchScopes\{62797A94-95CB-47c9-A188-67005302F5E8}: "URL" = http://uk.search.yah...evm&type=IEBDSV
IE - HKCU\..\SearchScopes\{D3566D1F-8F42-408d-8BED-A48BB259BC1C}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/02/18 21:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013/01/13 03:05:13 | 000,000,000 | ---D | M]

[2012/10/18 16:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/18 16:11:48 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Poper Blocker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche\1.62_0\
CHR - Extension: Adblock Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.2_0\
CHR - Extension: Minecraft Theme = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnmkpgipfeflohebgbmbjpeopbiioin\1_0\
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Yahoo Mail Checker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbgodfidfimmjgeapafonbdkkkndpmp\1.4.1_0\
CHR - Extension: Minecraft Wiki Searcher = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kffllhckohamkhicfkcncgjekbbfmbji\0.3_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Norton Identity Protection = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: Auto Refresh Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.21_0\
CHR - Extension: 4chan Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\

O1 HOSTS File: ([2013/02/18 21:19:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [GMouse] C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BDEEB9B-2E4B-46EE-AF3E-028518C1ED4C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 18:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/18 18:11:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/18 18:11:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/18 18:11:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/18 18:11:52 | 000,000,000 | ---D | C] -- C:\Gotcha
[2013/02/18 18:08:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/18 18:07:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/18 18:06:30 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\User\Desktop\Gotcha.exe
[2013/02/18 16:01:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/18 16:01:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013/02/18 15:09:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013/02/18 15:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/16 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AdobeUpdater
[2013/02/16 18:10:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\cod clips
[2013/02/16 00:35:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/02/14 17:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2013/02/14 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2013/02/11 23:32:56 | 002,902,498 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013/02/11 23:32:56 | 001,940,992 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013/02/11 23:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013/02/11 23:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013/02/11 23:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013/02/11 23:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/02/11 22:14:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\savegame
[2013/02/11 20:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2013/02/11 20:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/11 20:29:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Abode After Effects CS5.5
[2013/02/08 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\LEGO Creations
[2013/02/08 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LEGO Company
[2013/02/08 22:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
[2013/02/08 22:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company
[2013/02/07 18:21:17 | 000,059,392 | ---- | C] (Technic) -- C:\Users\User\Desktop\TechnicLauncher.exe
[2013/02/06 19:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/06 19:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/06 19:01:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/04 19:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013/02/04 18:36:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DayZCommander
[2013/02/04 18:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013/01/31 17:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2013/01/31 17:31:02 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll
[2013/01/31 17:31:02 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2013/01/31 17:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software
[2013/01/31 17:30:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Dxtory Software
[2013/01/30 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/01/30 19:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
[2013/01/29 21:12:38 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Games for Windows - LIVE Demos
[2013/01/26 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/01/26 17:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/01/26 17:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/01/26 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/01/26 17:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/01/24 18:24:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\FTB
[2013/01/21 15:28:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Tekkit Stuff
[2013/01/21 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\College

========== Files - Modified Within 30 Days ==========

[2013/02/18 21:27:20 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 21:27:20 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 21:22:21 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/18 21:21:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/18 21:21:11 | 4265,127,934 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/18 21:19:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/02/18 21:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/18 20:44:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559612745-3904666825-1817983461-1000UA.job
[2013/02/18 18:11:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/18 18:06:39 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\User\Desktop\Gotcha.exe
[2013/02/18 16:02:25 | 1918,042,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/18 16:01:07 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013/02/18 15:39:56 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2013/02/18 15:10:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013/02/18 15:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/18 00:44:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559612745-3904666825-1817983461-1000Core.job
[2013/02/17 23:54:30 | 005,798,808 | ---- | M] () -- C:\Users\User\Desktop\Fleet Foxes - Tiger Mountain Peasant Song (Cover).mp3
[2013/02/17 21:12:53 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/17 21:12:53 | 000,664,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/17 21:12:53 | 000,125,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/17 20:50:04 | 000,075,027 | ---- | M] () -- C:\Users\User\Desktop\66963_502739726431095_858533673_n.jpg
[2013/02/17 20:43:50 | 000,094,359 | ---- | M] () -- C:\Users\User\Desktop\223448_502739733097761_476356545_n.jpg
[2013/02/16 19:21:33 | 000,007,661 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/02/16 18:33:47 | 093,749,015 | ---- | M] () -- C:\Users\User\Desktop\crysis 3 clips rendered.mp4
[2013/02/16 18:29:46 | 000,106,567 | ---- | M] () -- C:\Users\User\Desktop\Untitled.camproj
[2013/02/14 17:49:55 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/02/12 23:05:02 | 005,059,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 23:04:27 | 001,607,517 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/02/11 23:32:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/02/11 23:32:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/02/11 23:30:40 | 000,000,314 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/02/11 21:01:30 | 000,001,242 | ---- | M] () -- C:\Users\User\Desktop\Adobe After Effects CS5.5.lnk
[2013/02/10 22:07:17 | 000,001,526 | ---- | M] () -- C:\Users\User\Desktop\Random Clips.lnk
[2013/02/09 19:30:03 | 004,458,120 | ---- | M] () -- C:\Users\User\Desktop\DayZ Heavy Metal Farmer.mp4
[2013/02/07 22:29:54 | 005,812,633 | ---- | M] () -- C:\Users\User\Desktop\Justice - D.A.N.C.E. (Official Video).mp3
[2013/02/07 18:21:18 | 000,059,392 | ---- | M] (Technic) -- C:\Users\User\Desktop\TechnicLauncher.exe
[2013/02/06 23:37:37 | 000,001,084 | ---- | M] () -- C:\Users\User\Desktop\OrangeAClock.lnk
[2013/02/06 19:09:37 | 001,921,018 | ---- | M] () -- C:\Users\User\Desktop\It Rains - Crunch Test With Brian 2.25 Rendered.mp3
[2013/02/05 18:06:34 | 012,291,556 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-12-48-81.avi
[2013/02/05 18:05:48 | 030,805,868 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-02-18-41.avi
[2013/02/04 19:51:10 | 000,001,406 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/02/02 23:32:28 | 014,704,506 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-02 21-09-04-20.avi
[2013/01/31 23:18:59 | 248,091,136 | ---- | M] () -- C:\Users\User\Desktop\other rocket stuff.avi
[2013/01/31 23:03:59 | 331,681,708 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 21-23-37-06.avi
[2013/01/31 20:47:12 | 060,067,292 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 19-51-40-12.avi
[2013/01/31 17:52:29 | 000,001,940 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/31 17:52:28 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/31 17:31:06 | 000,001,182 | ---- | M] () -- C:\Users\User\Desktop\Dxtory.lnk
[2013/01/31 02:48:15 | 000,001,054 | ---- | M] () -- C:\Users\User\AppData\Roaming\Network Meter_Settings.ini
[2013/01/31 02:47:19 | 000,000,842 | ---- | M] () -- C:\Users\User\AppData\Roaming\Drives Meter_Settings.ini
[2013/01/31 02:47:05 | 000,000,579 | ---- | M] () -- C:\Users\User\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/01/29 17:52:27 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/01/29 17:52:25 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/01/26 19:30:26 | 000,001,007 | ---- | M] () -- C:\Users\User\Desktop\SpeedFan.lnk
[2013/01/26 19:30:23 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/01/25 20:24:38 | 000,764,302 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/25 17:04:54 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/25 17:04:11 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/24 18:24:21 | 000,537,171 | ---- | M] () -- C:\Users\User\Desktop\FTB_Launcher.exe
[2013/01/24 17:02:41 | 000,703,117 | ---- | M] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar

========== Files Created - No Company Name ==========

[2013/02/18 18:11:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/18 18:11:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/18 18:11:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/18 18:11:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/18 18:11:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/18 16:02:25 | 1918,042,801 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/18 15:39:56 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2013/02/17 23:54:25 | 005,798,808 | ---- | C] () -- C:\Users\User\Desktop\Fleet Foxes - Tiger Mountain Peasant Song (Cover).mp3
[2013/02/17 20:43:49 | 000,094,359 | ---- | C] () -- C:\Users\User\Desktop\223448_502739733097761_476356545_n.jpg
[2013/02/17 20:43:41 | 000,075,027 | ---- | C] () -- C:\Users\User\Desktop\66963_502739726431095_858533673_n.jpg
[2013/02/16 18:33:34 | 093,749,015 | ---- | C] () -- C:\Users\User\Desktop\crysis 3 clips rendered.mp4
[2013/02/14 17:49:55 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/02/11 23:30:40 | 000,025,262 | ---- | C] () -- C:\Windows\SysNative\xfisk.ini
[2013/02/11 23:30:40 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ctzapxx.ini
[2013/02/11 23:30:30 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2013/02/11 23:30:30 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2013/02/11 23:30:26 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/02/11 23:30:26 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/02/11 23:30:26 | 000,083,456 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/02/11 23:30:26 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/02/11 23:30:26 | 000,000,314 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/02/11 20:48:42 | 000,001,242 | ---- | C] () -- C:\Users\User\Desktop\Adobe After Effects CS5.5.lnk
[2013/02/11 20:43:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.5.lnk
[2013/02/11 20:42:45 | 000,001,277 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS5.5.lnk
[2013/02/11 20:42:31 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2013/02/11 20:42:09 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.5.lnk
[2013/02/11 20:41:39 | 000,001,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2013/02/11 20:41:33 | 000,001,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.6.lnk
[2013/02/11 20:39:53 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2013/02/11 20:39:42 | 000,001,551 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2013/02/11 20:38:55 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/02/09 19:04:42 | 004,458,120 | ---- | C] () -- C:\Users\User\Desktop\DayZ Heavy Metal Farmer.mp4
[2013/02/07 22:29:49 | 005,812,633 | ---- | C] () -- C:\Users\User\Desktop\Justice - D.A.N.C.E. (Official Video).mp3
[2013/02/06 23:37:33 | 000,001,084 | ---- | C] () -- C:\Users\User\Desktop\OrangeAClock.lnk
[2013/02/06 23:36:12 | 000,001,526 | ---- | C] () -- C:\Users\User\Desktop\Random Clips.lnk
[2013/02/06 19:09:36 | 001,921,018 | ---- | C] () -- C:\Users\User\Desktop\It Rains - Crunch Test With Brian 2.25 Rendered.mp3
[2013/02/05 18:06:21 | 012,291,556 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-12-48-81.avi
[2013/02/05 18:05:23 | 030,805,868 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-03 19-02-18-41.avi
[2013/02/04 18:36:35 | 000,001,406 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/02/02 23:54:58 | 000,106,567 | ---- | C] () -- C:\Users\User\Desktop\Untitled.camproj
[2013/02/02 23:32:17 | 014,704,506 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-02-02 21-09-04-20.avi
[2013/01/31 23:13:50 | 248,091,136 | ---- | C] () -- C:\Users\User\Desktop\other rocket stuff.avi
[2013/01/31 22:59:15 | 331,681,708 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 21-23-37-06.avi
[2013/01/31 20:46:20 | 060,067,292 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3 MP Open Beta 2013-01-31 19-51-40-12.avi
[2013/01/31 17:52:29 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/31 17:52:29 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013/01/31 17:52:29 | 000,001,940 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/31 17:31:06 | 000,001,182 | ---- | C] () -- C:\Users\User\Desktop\Dxtory.lnk
[2013/01/31 02:47:19 | 000,000,842 | ---- | C] () -- C:\Users\User\AppData\Roaming\Drives Meter_Settings.ini
[2013/01/31 02:47:05 | 000,000,579 | ---- | C] () -- C:\Users\User\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/01/31 02:39:12 | 000,001,054 | ---- | C] () -- C:\Users\User\AppData\Roaming\Network Meter_Settings.ini
[2013/01/26 19:30:26 | 000,001,007 | ---- | C] () -- C:\Users\User\Desktop\SpeedFan.lnk
[2013/01/25 17:04:54 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/24 18:23:36 | 000,537,171 | ---- | C] () -- C:\Users\User\Desktop\FTB_Launcher.exe
[2012/12/24 22:40:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/11/21 13:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/11/18 19:17:11 | 000,000,083 | ---- | C] () -- C:\Program Files (x86)\update-NFSMW2012.bat
[2012/11/08 16:42:06 | 000,703,117 | ---- | C] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar
[2012/11/08 16:42:06 | 000,703,007 | ---- | C] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar.bak
[2012/10/13 11:58:34 | 000,007,661 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2012/10/05 21:54:20 | 000,000,079 | ---- | C] () -- C:\Users\User\AppData\Local\CrystalDiskMark30.ini
[2012/10/03 18:29:25 | 000,018,944 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/08/05 08:43:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/08/05 08:43:44 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/08/05 08:43:42 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/05 08:43:39 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/01 15:05:59 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/08/01 15:05:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/31 14:06:30 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/31 14:06:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/27 14:03:57 | 000,764,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 13:19:57 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/07/27 13:19:20 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/07/27 13:19:20 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012/07/26 14:57:39 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/07/26 14:23:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/07/26 13:40:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/12/11 20:28:34 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/11 20:28:34 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/12/11 20:28:35 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/07 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013/02/07 18:21:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.techniclauncher
[2013/02/09 19:01:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2012/08/29 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Awesomium
[2012/09/02 19:52:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FFsplit
[2013/01/24 18:24:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ftblauncher
[2012/10/31 05:09:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2012/09/28 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012/10/03 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leawo
[2013/02/08 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LEGO Company
[2013/02/07 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\logs
[2012/09/02 18:58:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2012/07/27 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mount&Blade Warband
[2012/07/31 00:07:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/12/05 21:43:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012/10/27 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Play withSIX
[2012/08/04 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PowerISO
[2012/10/17 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Publish Providers
[2012/11/28 02:11:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2012/08/31 22:50:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\six-zsync
[2012/10/18 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony
[2012/09/02 20:36:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Splashtop
[2012/12/25 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2012/10/20 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TechSmith
[2012/09/15 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2012/08/26 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tific
[2012/10/03 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\tiger-k
[2013/02/18 01:39:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2012/11/10 16:54:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WB Games
[2012/10/20 17:03:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinFF
[2012/10/06 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\XRay Engine
[2012/11/08 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========



< End of report >